Aflac discloses cybersecurity incident
Aflac said Friday that it experienced a cybersecurity incident last week that may have impacted files containing social security numbers, health information and other personal information.
The insurance company first detected suspicious activity on its network last Thursday and 'promptly initiated our cyber incident response protocols and stopped the intrusion within hours,' according to a press release.
'Importantly, our business remains operational, and our systems were not affected by ransomware,' it said. 'We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual.'
Aflac noted its preliminary findings suggest the perpetrators used social engineering tactics to gain access to its network. Because its review is still in the early stages, the company said it is unable to determine the total number of people impacted.
It is offering free credit monitoring, identity theft protection and Medical Shield for 24 months for those who reach out to the insurance firm's call center.
'We regret that this incident occurred,' Aflac added. 'We will be working to keep our stakeholders informed as we learn more and continue investigating the incident.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Associated Press
3 hours ago
- Associated Press
DATA BREACH ALERT: Edelson Lechtzin LLP Is Investigating Claims On Behalf Of Aflac Incorporated Customers Whose Data May Have Been Compromised
NEWTOWN, Pa., June 20, 2025 (GLOBE NEWSWIRE) -- The law firm of Edelson Lechtzin LLP is investigating data privacy claims regarding an incident at Aflac Incorporated ('Aflac'). Aflac learned of suspicious activity on its network or about June 12, 2025. About Aflac Incorporated Aflac, a Fortune 500 company, is known for its specialized insurance products that help cover expenses that health insurance may not. Originally established as the American Family Life Assurance Company of Columbus, it officially shortened its name to Aflac in 1989. What happened? On or around June 12, 2025, Aflac discovered suspicious activity on its network. They immediately launched an investigation and have since determined that this breach was caused by a group of cybercriminals, who potentially gained access to personal information. What type of information was stolen? The personal information in the compromised files may have included: How can I protect my personal data? If you receive a data breach notification concerning Aflac, you must guard against identity theft and fraud by regularly reviewing your account statements and monitoring your credit reports for suspicious or unauthorized activity. Edelson Lechtzin LLP is investigating a class action lawsuit to seek legal remedies for individuals whose sensitive personal data may have been compromised by the Aflac data breach. For more information, please contact: Marc H. Edelson, Esq. EDELSON LECHTZIN LLP 411 S. State Street, Suite N-300 Newtown, PA 18940 Phone: 844-696-7492 ext. 2 Email: [email protected] About Edelson Lechtzin LLP Edelson Lechtzin LLP is a national class action law firm with offices in Pennsylvania and California. In addition to cases involving data breaches, our lawyers focus on class and collective litigation in cases alleging securities and investment fraud, violations of the federal antitrust laws, employee benefit plans under ERISA, wage theft and unpaid overtime, consumer fraud, and catastrophic injuries. This press release may be considered Attorney Advertising in some jurisdictions.
CNET
5 hours ago
- CNET
Cybercriminals Breach Aflac, Private Customer Data Could Be At Risk
Aflac said Friday that cybercriminals breached its computer systems, potentially exposing some of the most personal data including the Social Security numbers and healthcare information of an unknown number of Americans and marking the latest in a recent string of online attacks against insurance companies. The Columbus, Georgia-based insurance giant said that it detected suspicious activity on its US networks, quickly responded to it and managed to stop the online intruders "within hours." Aflac added that its business remains operational and that its systems were not infected with ransomware. Aflac is the latest and biggest insurance companies to so far be targeted by cybercriminals. Philadelphia Insurance and Erie Insurance were both hit by cyberattacks earlier this month and have yet to resume full operations. "This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group," Aflac said in a statement without providing details to back that claim. "This was part of a cybercrime campaign against the insurance industry." Aflac said that it's working with outside cybersecurity experts to investigate the breach. It's in the process of determining which of its files were potentially compromised and how many people may have been affected. The potentially affected files could include customer data like Social Security numbers, insurance claims, health information and other personal details. Information about Aflac's employees, agents and other people involved in its US businesses could also be compromised, the company said. While that investigation is still in its early stages, Aflac it appears that the attackers gained access to its networks through a social engineering attack, where instead of breaking into a computer system attackers will often pose as someone in authority like an executive or a IT worker to trick an employee into handing over their legitimate login credentials. John Hultquist, chief analyst for Google's Threat Intelligence Group, said the recent attacks against the insurance companies "bear all the hallmarks" of the Scattered Spider cybercrime group, which has been previously tied to high-profile attacks against financial services, telecommunications and Las Vegas casinos and hotels. "Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers," Hultquist said in a statement. While it's yet to be determined exactly who has been affected and how bad the damage could be, Aflac has taken the unsual step of already offering to provide free credit monitoring, identity theft protection and Medical Shield coverage for 24 months to customers who contact its call center at 855-361-0305. Aflac is the largest provider of supplemental health insurance in the US and has a global customer base of about 50 million people.
New York Post
7 hours ago
- New York Post
Aflac customer data breached by cybercriminals in latest hit on US insurance industry
Aflac's customer data has been breached in the latest cyberattack on the US insurance industry – potentially jeopardizing Social Security numbers, insurance claims and health information, the company said Friday. It's the largest insurance company yet to fall victim to a major hacking, with tens of millions of customers and a $55 billion market cap. 'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,' Aflac said Friday. Aflac said Friday that its network had been hacked by cybercriminals. yu_photo – Aflac — long known for its quacking duck TV commercials — said it is unable to determine the total number of impacted individuals and the specific data stolen. Its systems were not affected by ransomware, so it is fully operational, and the company has engaged third-party cybersecurity experts, Aflac added. It said it stopped the intrusion on June 12 hours after it noticed suspicious activity. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month. Both of those cases led to widespread disruptions across their IT systems. All three of the major hacks are consistent with techniques used by a group of young cybercriminals known as Scattered Spider, sources familiar with the investigation told CNN. Aflac said the hackers used 'social engineering' tactics to breach their network, manipulating employees to gain access to a company system and often posing as tech support workers over the phone — a trademark of Scattered Spider. All three of the major hacks are consistent with methods used by Scattered Spider, sources told CNN. Montri – In the past, these hackers have posed as company help desk staffers to obtain credentials from employees or tricked workers into installing tools on their devices that will hand over network access, according to the US Cybersecurity & Infrastructure Security Agency. Scattered Spider is believed to be made up of teens and young adults in the US and UK and is known for aggressively extorting victims. Its members recently targeted Marks & Spencer and other UK retailers, and famously carried out a hacking spree across Las Vegas casinos in September 2023. Cybersecurity executives have sounded the alarms over the group's attack on the US insurance industry, warning companies to tell their employees to be wary of suspicious phone calls. Aflac did not mention Scattered Spider by name in its press release.
