Aflac hacked: Social Security numbers, claims, and health data at risk in insurance firm cyberattack

Aflac Incorporated (NYSE: AFL) was the most recent target of a “sophisticated cybercrime group” that has led a campaign against a number of insurance companies in recent weeks, according to a statement issued by the company today.The cyberattack, which was first identified by the company June 12, was stopped within a few hours and business operations were not impacted. However, the number of Aflac insurance-holders affected by the breach is still unknown. Files containing personal information, such as Social Security numbers, health information, and insurance claims information, could have been compromised during the attack, the company said. “We regret that this incident occurred,” the company wrote in a statement. “We will be working to keep our stakeholders informed as we learn more and continue investigating the incident.” During the investigation, Aflac is offering credit monitoring, identity theft protection, and a two year Medical Shield policy for free to any customers who call their incident-dedicated call center. The company suspects social engineering helped the cybercrime group infiltrate its networks. Social engineering—which includes tactics like phishing emails—involves deceiving a victim into revealing personal information or providing access into otherwise secure systems. Aflac is only the latest insurance company impacted by these cybersecurity incidents. Erie Insurance and Philadelphia Insurance Companies issued statements about similar cyberattacks earlier this week, exposing a growing threat to the insurance industry. The insurance industry is a recent target of a cybercrime group called Scattered Spider, John Hultquist, chief analyst of Google’s threat intelligence group, shared Monday on X. Scattered Spider, also known as UNC3944, is reportedly a group of hackers who target large organizations primarily in English-speaking countries. The group previously gained attention targeting U.K. retailers, such as Marks & Spencer and Harrods. To defend against attacks by Scattered Spider, Google’s threat intelligence group suggests companies should educate employees about social engineering tactics and strengthen security measures, such as identity verification and authentication procedures. Aflac did not immediately respond to a request for comment about which social engineering tactics were used in the attack and whether additional cybersecurity measures would be put in place to ward off future attacks. After a 1.37% drop between the close of trading Wednesday and opening on Friday, Aflac’s stock price is looking up as the dust settles following the incident.

Jun 20, 2025 - 18:50

Aflac hacked: Social Security numbers, claims, and health data at risk in insurance firm cyberattack

Aflac Incorporated (NYSE: AFL) was the most recent target of a “sophisticated cybercrime group” that has led a campaign against a number of insurance companies in recent weeks, according to a statement issued by the company today.

The cyberattack, which was first identified by the company June 12, was stopped within a few hours and business operations were not impacted. However, the number of Aflac insurance-holders affected by the breach is still unknown. Files containing personal information, such as Social Security numbers, health information, and insurance claims information, could have been compromised during the attack, the company said.

“We regret that this incident occurred,” the company wrote in a statement. “We will be working to keep our stakeholders informed as we learn more and continue investigating the incident.”

During the investigation, Aflac is offering credit monitoring, identity theft protection, and a two year Medical Shield policy for free to any customers who call their incident-dedicated call center.

The company suspects social engineering helped the cybercrime group infiltrate its networks. Social engineering—which includes tactics like phishing emails—involves deceiving a victim into revealing personal information or providing access into otherwise secure systems.

Aflac is only the latest insurance company impacted by these cybersecurity incidents. Erie Insurance and Philadelphia Insurance Companies issued statements about similar cyberattacks earlier this week, exposing a growing threat to the insurance industry.

The insurance industry is a recent target of a cybercrime group called Scattered Spider, John Hultquist, chief analyst of Google’s threat intelligence group, shared Monday on X.

Scattered Spider, also known as UNC3944, is reportedly a group of hackers who target large organizations primarily in English-speaking countries. The group previously gained attention targeting U.K. retailers, such as Marks & Spencer and Harrods.

To defend against attacks by Scattered Spider, Google’s threat intelligence group suggests companies should educate employees about social engineering tactics and strengthen security measures, such as identity verification and authentication procedures.

Aflac did not immediately respond to a request for comment about which social engineering tactics were used in the attack and whether additional cybersecurity measures would be put in place to ward off future attacks.

After a 1.37% drop between the close of trading Wednesday and opening on Friday, Aflac’s stock price is looking up as the dust settles following the incident.