Aflac Discloses Cybersecurity Incident, Customer Data Potentially Exposed Amid Industry-Wide Attacks

Insurance giant Aflac Incorporated has confirmed it was hit by a cybersecurity breach this month, making it one of the latest casualties in a growing wave of cyberattacks targeting US insurance companies. 

The company says it contained the attack within hours and continues to operate normally, but warns that sensitive customer information may have been exposed. Aflac said it detected “suspicious activity” on its US network on June 12 and quickly activated its cyber incident response protocols. 

“We promptly initiated our cyber incident response protocols and stopped the intrusion within hours,” the company stated in its official disclosure. Importantly, Aflac noted that “our systems were not affected by ransomware,” and business operations, including underwriting, claims processing, and customer support, remain uninterrupted.

Social engineering: A key tactic

Aflac’s preliminary findings indicate that the unauthorized party used “social engineering tactics” to gain access to their network. This common cybercrime method often involves tricking individuals into revealing sensitive information or granting access. The company has engaged leading third-party cybersecurity experts to assist with the ongoing investigation.

CNN, citing sources familiar with the investigation, reported that this incident, along with others recently affecting the insurance sector, is consistent with the techniques of a cybercrime group known as “Scattered Spider.” While Aflac did not name the group in its public statement, it did acknowledge the broader context of the attack.

“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,” Aflac said in a statement on Friday.

Potential data exposure and ongoing review

The review of potentially impacted files is still in its early stages, and Aflac has not yet determined the total number of individuals affected. However, the company has indicated that the compromised files may contain sensitive information, including claims data, health information, Social Security numbers, and other personal details belonging to customers, beneficiaries, employees, and agents in its US business.

As Aflac continues to investigate the scope of the breach, customers and stakeholders are encouraged to remain vigilant. The company promises to share updates as more information becomes available. For assistance related to the breach, individuals can call Aflac’s support center at 1-855-361-0305.