CyberSecurity news
FlagThis
@cyberscoop.com
//
Aflac Incorporated, the insurance giant, has confirmed a cybersecurity incident that occurred on June 12, 2025. The company detected suspicious activity on its US network and promptly initiated its cyber incident response protocols, successfully stopping the intrusion within hours. According to Aflac's official disclosure, their systems were not affected by ransomware, ensuring business operations such as underwriting, claims processing, and customer support remain uninterrupted. However, Aflac warns that sensitive customer information may have been exposed during the breach.
Preliminary findings indicate that the unauthorized party used sophisticated social engineering tactics to gain access to Aflac's network. This method often involves tricking individuals into revealing sensitive information or granting access. Aflac has engaged leading third-party cybersecurity experts to assist with the ongoing investigation. CNN, citing sources familiar with the investigation, reported that this incident, along with others recently affecting the insurance sector, is consistent with the techniques of a cybercrime group known as “Scattered Spider.” Aflac acknowledged the broader context of the attack, stating, "This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group."
The review of potentially impacted files is still in its early stages, and Aflac has not yet determined the total number of individuals affected. However, the company has indicated that the compromised files may contain sensitive information. The Aflac breach is the latest cyberattack against the insurance industry.
References :
Preliminary findings indicate that the unauthorized party used sophisticated social engineering tactics to gain access to Aflac's network. This method often involves tricking individuals into revealing sensitive information or granting access. Aflac has engaged leading third-party cybersecurity experts to assist with the ongoing investigation. CNN, citing sources familiar with the investigation, reported that this incident, along with others recently affecting the insurance sector, is consistent with the techniques of a cybercrime group known as “Scattered Spider.” Aflac acknowledged the broader context of the attack, stating, "This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group."
The review of potentially impacted files is still in its early stages, and Aflac has not yet determined the total number of individuals affected. However, the company has indicated that the compromised files may contain sensitive information. The Aflac breach is the latest cyberattack against the insurance industry.
Share:
References :
- thecyberexpress.com: The Cyber Express article on Aflac Breach
- eSecurity Planet: eSecurityPlanet article on Aflac Cyber Security Incident
- www.esecurityplanet.com: Aflac Discloses Cybersecurity Incident, Customer Data Potentially Exposed Amid Industry-Wide Attacks
- Threats | CyberScoop: Cyberscoop reports Aflac duped by social-engineering attack, marking another hit on insurance industry
- DataBreaches.Net: Aflac notifies SEC of breach suspected to be work of Scattered Spider
- www.prnewswire.com: Aflac Incorporated discloses cybersecurity incident.
- www.scworld.com: Aflac among victims in cyberattacks targeting US insurance industry
- techcrunch.com: U.S. insurance giant Aflac says customers’ personal data stolen during cyberattack
- Dominic Alvieri: Aflac has been breached. Stolen files include social security numbers, claims & health information from customers, beneficiaries and employees. The exact amount of exfiltrated data is. It yet known. This is a developing release.
- techcrunch.com: New: U.S. insurance giant Aflac says it was hacked and customers' personal data stolen. Unclear how much data yet, but Aflac has ~50 million customers.
Classification:
- HashTags: #Cyberattack #DataBreach #Insurance
- Company: Aflac
- Target: Aflac, Customers
- Feature: Social Engineering
- Type: DataBreach
- Severity: Medium