Massive data breach sees 15m Americans' personal details stolen from major insurer
A massive cyberattack has exposed the sensitive personal details of Americans after hackers breached the system of Aflac.
Aflac, one of the largest insurance company in the US, has over 50 million customers worldwide and around 15m in America.
The breach identified on June 12 was carried out by a yet unknown hacking group that accessed files containing Social Security numbers, health claims and other private data.
A 11 class-action lawsuits have been already filed against the company, accusing it of failing to protect user data.
Aflac confirmed the breach in a statement filed with the US Securities and Exchange Commission on Friday, noting that the incident affected customers, beneficiaries, employees and agents.
The company has not shared how many people were affected.
'Our business remains operational, and our systems were not affected by ransomware,' said Aflac in a press release.
'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group.'
Aflac, one of the largest insurance company in the US has over 50 million customers worldwide.
The breach was contained within hours, according to Aflac, but the company admitted the scope of attack remains under investigation.
The hackers performed the attack by manipulating individuals and sector-specific targeting into performing actions or divulging confidential information.
Unlike malware or brute-force attacks, these tactics rely on psychological manipulation rather than technical vulnerabilities.
This form of attack involves tricking employees, often help desk workers into revealing passwords or granting access, bypassing traditional security systems like firewalls.
Alfac has hired a third party cybersecurity experts to review the breach and assess the damage.
So far, the company says the data potentially accessed includes names, claims data, Social Security numbers, and health-related information.
Aflac said it is offering free credit monitoring and identity theft protection to affected individuals.
Alfac has hired a third party cybersecurity experts to review the breach and assess the damage.
Aflac reported the data potentially accessed includes names, claims data, Social Security numbers, and health-related information.
A dedicated call center was launched on June 20 to provide support and more details to those impacted by the incident.
The Aflac hack followed a coordinated series of attacks on insurers beginning June 7, starting with Erie Insurance and Philadelphia Insurance Companies.
The FBI has not commented publicly on the breach, but cybersecurity analysts suspect the attack was carried out by a group known as Scattered Spider.
This group operates under a larger cybercriminal network known as The Com, according to Cyberscoop.
The group, active since 2022, is known for attacking US companies in waves using identity-based tactics such as impersonating employees.
John Hultquist, chief analyst at Google's Mandiant Intelligence, said the insurance industry is currently facing a surge in targeted intrusions.
He noted the tactics used in the Aflac breach mirror recent attacks on Erie Indemnity and Philadelphia Insurance Companies.
'This was part of a cybercrime campaign against the insurance industry,' Aflac said in its press release.
'We regret that this incident occurred,' the company added, emphasizing its commitment to protecting customer data going forward.
Security experts warn that breaches like this can have long term consequences for victims.
With Social Security numbers and medical records exposed, individuals may at risk for fraud, scams or even medical identity theft.
Steve Cagle, CEO of Clearwater, a healthcare cybersecurity firm, said Scattered Spider is known for bypassing even multi-factor authentication by tricking help desk personnel.
'This group's specialty is identity-based tactics,' he noted.
Health and insurance records are among the most valuable data types on the black market, experts say.
Scattered Spider has been linked to past attacks on tech companies, casinos, and retailers in both the US and UK.
The group reportedly uses threats of violence and impersonation tactics to gain access to secure systems.
Cyberattacks across the globe rose 44 percent last year, according to a January report by Check Point Research.
The rise is attributed partly to advanced social engineering and the use of generative AI in phishing and impersonation attempts.
Aflac has joined other breached companies in notifying regulators and offering affected customers support and monitoring tools.
As investigations continue, more insurers are expected to come forward with disclosures of similar intrusions.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Reuters
9 minutes ago
- Reuters
Trump-backed crypto firm is planning stablecoin audit, new app
June 25 (Reuters) - Zak Folkman, the co-founder of U.S. President Donald Trump's cryptocurrency platform World Liberty Financial, said on Wednesday that the company will issue an audit of its stablecoin "within days" and that it planned a new app. Folkman also hinted that WLF's governance token, known as WLFI, could soon become tradable in an interview at the Permissionless conference on Wednesday, organized by crypto media company Blockworks in Brooklyn, New York. WLFI, which was launched two months before the U.S. presidential election in November by Trump and his business partners, has yielded hundreds of millions of dollars in revenue for the Republican president's family business. The business, along with other forays into crypto, has drawn a barrage of criticism from Democratic lawmakers, as well as government ethics watchdogs. Critics say it creates conflicts of interest as it is happening at the same time as the president is pulling back enforcement and easing regulations on the industry. The Trump Organization said in January that the president's investments, assets and business interests would be held in a trust managed by his children. The White House and the Trump Organization did not immediately respond to requests for comment. World Liberty has raised the money by selling so-called governance tokens, which give holders the right to vote on changes to the project's underlying code and to signal their opinion on its direction and plans. They cannot be traded. During the interview on Wednesday, when Blockworks co-founder Jason Yanowitz asked whether the token would become tradable, Folkman said, "I don't want to give away too much, but if you pay attention over the next couple of weeks, I think everyone ... is going to be very, very happy." Folkman said WLF would also be launching an app that would make crypto seamless for everyday investors to use. He said the company's stablecoin recently just got its first attestation report from an accounting firm and that it would be posted on its website "within the next few days." "We're going to have very transparent auditing from a financial level," he said.
Reuters
9 minutes ago
- Reuters
Venezuela's ex-spymaster pleads guilty to US drug trafficking charges
WASHINGTON, June 25 (Reuters) - A former director of Venezuelan military intelligence, Hugo Carvajal, pleaded guilty on Wednesday to drug trafficking and narcoterrorism charges in U.S. federal court, the Justice Department said in a statement. Carvajal, 65, once one of the most powerful figures in the Venezuelan government, pleaded guilty to four criminal counts including narcoterrorism conspiracy, conspiracy to import cocaine, and weapons charges. He faces a maximum of life in prison. 'The deeply troubling reality is that there are powerful foreign government officials who conspire to flood the United States with drugs that kill and debilitate,' Jay Clayton, the interim U.S. attorney in Manhattan, said in a statement.
The Independent
15 minutes ago
- The Independent
These are the college degrees in 2025 that will make the most money in 5 years
A new study has identified the college degrees that will make the most money after five years in the workforce, with the best-paying jobs in engineering, computer science, and health industries. Going to college in the U.S. has a hefty price tag, with the average cost coming in at $38,270 per year. Analysis of data from the Bureau of Labor Statistics conducted by Student Choice has calculated the 'Return on Investment' on degrees after five years in work after graduating to guide prospective students when making the tough choice of what to study. The organization multiplied the average cost of college by four to get $153,080. It compared the figure against the median wage earned in each job after five years and multiplied it by 100 to calculate the return on investment percentage. When ranking the most popular college degrees in 2024 by return on investment, majoring in engineering came out on top, with a return of 326.6 percent, according to the analysis. A major in computer science and computer information technology was next at 310.3 percent, followed by nursing at 280.9 percent, accounting at 261.3 percent and biochemistry at 248.2 percent. When ranking the most common occupations for each degree type with the highest return on investment after five years, computer and information system managers came in first place at 553.7 percent. Advertising and marketing managers followed with a return on investment of 511.4 percent, then aerospace engineers at 427 percent, PR and fundraising managers at 426.2 percent, and software developers with a return of 425.1 percent. Student Choice said that return on investment is just one aspect to consider when deciding what to study. 'Practical factors such as student loan interest rates, loan deferment options, repayment models, and housing costs should be considered when choosing a degree and a loan,' the organization said. 'Our analysis of degrees with the best return on investment does not take these significant variables into account, so we urge you to make choices based on your specific situation.' Student debt in the U.S. is a major issue and nearly 43 million Americans have federal student loan debt.
