Aflac, one of the largest insurance companies in the United States, says hackers stole an unknown quantity of its customers’ personal information from its network during a cyberattack earlier this month.
The insurance giant confirmed Friday in a legally required filing with the U.S. Securities and Exchange Commission that the company identified hackers in its system on June 12 and contained the incident. Aflac, which provides supplemental insurance to individuals whose expenses are not covered by their primary providers, said it was not yet known how many customers are affected by the data breach, but that the personal data includes customers’ claims, such as Social Security numbers and health information.
The breach also included data from Aflac’s beneficiaries, employees, and agents, the company said.
Aflac said its systems were not affected by ransomware, but attributed the breach to an unspecified cybercrime group known to be targeting the U.S. insurance industry. According to its Friday press release, Aflac said the hackers used social engineering tactics to break into its network.
An Aflac spokesperson, who did not provide their name, declined to answer TechCrunch’s questions when reached by email on Monday.
Aflac, which has around 50 million customers per the company’s website, is the latest U.S. insurance company to experience a cyberattack in recent weeks, amid warnings that hackers are targeting the wider insurance industry.
John Hultquist, the chief analyst for Google’s threat intelligence unit, said last week that the unit was “aware of multiple intrusions” in the U.S. that bear the hallmarks of activity linked to Scattered Spider, a loose-knit collective of hackers and tactics that rely on social engineering tactics and sometimes threats of violence to target company help desks and call centers in order to gain access to their networks.
The hackers are also reportedly behind the recent intrusions at Erie Insurance and Philadelphia Insurance Companies, which disclosed cyberattacks this month, with disruption ongoing.
The hackers linked to Scattered Spider attacks are known to be financially motivated, and have been previously linked to cyberattacks and intrusions at tech giants, casinos, and hotels, and recent data breaches across the U.K. and U.S. retail sector.
Save $200+ on your TechCrunch All Stage pass
Build smarter. Scale faster. Connect deeper. Join visionaries from Precursor Ventures, NEA, Index Ventures, Underscore VC, and beyond for a day packed with strategies, workshops, and meaningful connections.
Save $200+ on your TechCrunch All Stage pass
Build smarter. Scale faster. Connect deeper. Join visionaries from Precursor Ventures, NEA, Index Ventures, Underscore VC, and beyond for a day packed with strategies, workshops, and meaningful connections.
|
July 15
Original Source: https://techcrunch.com/2025/06/23/us-insurance-giant-aflac-says-customers-personal-data-stolen-during-cyberattack/
Disclaimer: This article is a reblogged/syndicated piece from a third-party news source. Content is provided for informational purposes only. For the most up-to-date and complete information, please visit the original source. Digital Ground Media does not claim ownership of third-party content and is not responsible for its accuracy or completeness.
