US insurance giant Aflac says customers’ personal data stolen during cyberattack

Aflac, one of the largest insurers in the United States, has revealed that hackers successfully infiltrated its network and stole personal data belonging to an undisclosed number of customers during a recent cyberattack. The company made this announcement in a mandatory filing with the U.S. Securities and Exchange Commission on Friday, detailing that the breach was identified on June 12. The insurance giant, which specializes in supplemental coverage for individuals, reported that the compromised information includes sensitive details such as Social Security numbers, health records, and claims data. Furthermore, data from Aflac's beneficiaries, employees, and agents were also impacted by the breach. While Aflac confirmed that ransomware was not involved in this incident, it attributed the breach to an unnamed cybercrime group known for targeting the U.S. insurance industry. According to their press release, the hackers employed social engineering tactics to infiltrate the network. An unnamed spokesperson from Aflac declined to provide further information when contacted by TechCrunch, leaving many questions unanswered. Aflac, which serves approximately 50 million customers, joins a growing list of U.S. insurance companies facing cyber threats, following recent warnings about increased attacks on the industry. John Hultquist, chief analyst at Google's threat intelligence unit, stated last week that multiple intrusions have been identified in the United States, showing signs of involvement from a group known as Scattered Spider. This collective is known for utilizing social engineering tactics and, at times, threats of violence to breach company networks. The same hacker group has also been implicated in recent attacks on Erie Insurance and Philadelphia Insurance Companies, both of which disclosed cyber incidents this month. Scattered Spider has a history of financially motivated attacks, with previous targets including tech companies, casinos, hotels, and retail sectors in both the U.K. and U.S.