Insurance giant Aflac has confirmed it was impacted by a widespread cyberattack that may have compromised the personal information of individuals associated with the company’s U.S. business operations. The incident, which was identified last week, is part of a broader wave of attacks affecting the insurance sector.
Aflac detected “suspicious activity” within its U.S. network on June 12th. The company attributes the breach to a “sophisticated cybercrime group,” and investigations are ongoing to determine the full scope of the impact.
What Data May Have Been Exposed?
While Aflac is still reviewing potentially affected files, preliminary findings indicate that sensitive information was indeed exposed. The compromised data may include a range of personal details such as:
Claims information
Health information
Social Security numbers
Other personal identifiers
Individuals potentially impacted by this breach include customers, beneficiaries, employees, agents, and other individuals involved with Aflac’s U.S. operations.
Aflac’s Response and Support
In response to the potential data exposure, Aflac is taking steps to support those affected. The company is offering free credit monitoring and identity theft protection, as well as Medical Shield coverage for 24 months, to individuals who contact their dedicated call center. Aflac encourages anyone concerned about their data to reach out.
Broader Impact and Potential Perpetrators
Aflac acknowledged that its breach appears linked to attacks affecting other insurance companies during the same period. Reports indicate that companies like Erie Insurance and Philadelphia Insurance Companies have also experienced similar hacking incidents this month.
Sources cited by CNN suggest the cybercrime group known as Scattered Spider may be responsible for these attacks. Scattered Spider gained prominence in 2023 following high-profile hacks targeting several Las Vegas casinos and hotels. The group is known for its sophisticated tactics and targeting of large organizations.
Investigations by Aflac and potentially law enforcement are continuing to fully understand the nature of the attack, the extent of the data compromise, and the specific group responsible. Individuals potentially affected are advised to remain vigilant regarding suspicious activity related to their personal and financial information.
