cj social post 1104x736.png
cj social post 1104x736.png

Aflac Reports Potential Leak of Personal Data in Breach

Posted on

Aflac Inc. said a recent cybersecurity breach could have given intruders unauthorized access to customers’ personal information, including Social Security numbers, as well as health and claims data.

The insurer also said Friday it contained the hack within hours of its discovery on June 12 and had hired cybersecurity experts to address the breach.

Related: UBS Confirms Data Stolen After Hack at External Supplier

The company brought in CrowdStrike Holdings Inc., according to a person familiar with the matter, who requested anonymity because the information isn’t public. A Crowdstrike spokesperson declined to confirm the company is working with Aflac and deferred to the insurer for further details about the hack.

It’s unclear how long the unauthorized activity on Aflac’s network lasted before it was discovered. Aflac didn’t immediately respond to a request for comment.

The company said determining the number of affected individuals will require a review of files but anticipated notifying regulators and individuals impacted by the incident. Affected customers will be offered free credit monitoring and identity theft protection services, Aflac said.

Related: Erie Insurance Facing 2 Class Actions Claiming Data Breach

The insurer said its investigation so far indicates that intruders used social engineering tactics to gain access to the network but didn’t demand a ransom.

The breach coincides with a wave of hacks on retail, insurance and health care companies.

“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,” Aflac said in a separate statement. “This was part of a cybercrime campaign against the insurance industry.”

Since the start of June, insurance providers Blue Shield of California, Lemonade and others reported data-security breaches, according to a listing of such incidents reported to California officials.

On Monday, Google’s cyber threat intelligence arm said it had become aware of multiple intrusions that bore the hallmark of a hacking group known as Scattered Spider. The group appeared to have moved from targeting retail businesses to insurance companies in recent days.

“Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert,” said John Hultquist, chief analyst at the Google Threat Intelligence Group.

Copyright 2025 Bloomberg.

Want to stay up to date?

Get the latest insurance news
sent straight to your inbox.

Disclaimer: This content was automatically imported from a third-party source via RSS feed. The original source is: https://www.claimsjournal.com/news/national/2025/06/20/331353.htm. Neuromatrix does not claim ownership of this content. All rights remain with the original publisher.

Welcome! I'm Santhosh K S, a passionate advocate for neuroscience and health. At Neuromatrix, I provide research-backed insights on neurological health, remedies, symptoms, and wellness precautions. With a focus on educational articles and official health guidelines, I aim to empower you with accurate information to support your well-being. Join me as we explore the science behind better health.