Latest news with #PhiladelphiaInsurance
CNET
5 hours ago
- Business
- CNET
Cybercriminals Breach Aflac, Private Customer Data Could Be At Risk
Aflac said Friday that cybercriminals breached its computer systems, potentially exposing some of the most personal data including the Social Security numbers and healthcare information of an unknown number of Americans and marking the latest in a recent string of online attacks against insurance companies. The Columbus, Georgia-based insurance giant said that it detected suspicious activity on its US networks, quickly responded to it and managed to stop the online intruders "within hours." Aflac added that its business remains operational and that its systems were not infected with ransomware. Aflac is the latest and biggest insurance companies to so far be targeted by cybercriminals. Philadelphia Insurance and Erie Insurance were both hit by cyberattacks earlier this month and have yet to resume full operations. "This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group," Aflac said in a statement without providing details to back that claim. "This was part of a cybercrime campaign against the insurance industry." Aflac said that it's working with outside cybersecurity experts to investigate the breach. It's in the process of determining which of its files were potentially compromised and how many people may have been affected. The potentially affected files could include customer data like Social Security numbers, insurance claims, health information and other personal details. Information about Aflac's employees, agents and other people involved in its US businesses could also be compromised, the company said. While that investigation is still in its early stages, Aflac it appears that the attackers gained access to its networks through a social engineering attack, where instead of breaking into a computer system attackers will often pose as someone in authority like an executive or a IT worker to trick an employee into handing over their legitimate login credentials. John Hultquist, chief analyst for Google's Threat Intelligence Group, said the recent attacks against the insurance companies "bear all the hallmarks" of the Scattered Spider cybercrime group, which has been previously tied to high-profile attacks against financial services, telecommunications and Las Vegas casinos and hotels. "Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers," Hultquist said in a statement. While it's yet to be determined exactly who has been affected and how bad the damage could be, Aflac has taken the unsual step of already offering to provide free credit monitoring, identity theft protection and Medical Shield coverage for 24 months to customers who contact its call center at 855-361-0305. Aflac is the largest provider of supplemental health insurance in the US and has a global customer base of about 50 million people.
Fast Company
8 hours ago
- Business
- Fast Company
Aflac hacked: Social Security numbers, claims, and health data at risk in insurance firm cyberattack
Aflac Incorporated (NYSE: AFL) was the most recent target of a 'sophisticated cybercrime group' that has led a campaign against a number of insurance companies in recent weeks, according to a statement issued by the company today. The cyberattack, which was first identified by the company June 12, was stopped within a few hours and business operations were not impacted. However, the number of Aflac insurance-holders affected by the breach is still unknown. Files containing personal information, such as Social Security numbers, health information, and insurance claims information, could have been compromised during the attack, the company said. 'We regret that this incident occurred,' the company wrote in a statement. 'We will be working to keep our stakeholders informed as we learn more and continue investigating the incident.' During the investigation, Aflac is offering credit monitoring, identity theft protection, and a two year Medical Shield policy for free to any customers who call their incident-dedicated call center. The company suspects social engineering helped the cybercrime group infiltrate its networks. Social engineering—which includes tactics like phishing emails—involves deceiving a victim into revealing personal information or providing access into otherwise secure systems. Aflac is only the latest insurance company impacted by these cybersecurity incidents. Erie Insurance and Philadelphia Insurance Companies issued statements about similar cyberattacks earlier this week, exposing a growing threat to the insurance industry. The insurance industry is a recent target of a cybercrime group called Scattered Spider, John Hultquist, chief analyst of Google's threat intelligence group, shared Monday on X. Scattered Spider, also known as UNC3944, is reportedly a group of hackers who target large organizations primarily in English-speaking countries. The group previously gained attention targeting U.K. retailers, such as Marks & Spencer and Harrods. To defend against attacks by Scattered Spider, Google's threat intelligence group suggests companies should educate employees about social engineering tactics and strengthen security measures, such as identity verification and authentication procedures. Aflac did not immediately respond to a request for comment about which social engineering tactics were used in the attack and whether additional cybersecurity measures would be put in place to ward off future attacks. After a 1.37% drop between the close of trading Wednesday and opening on Friday, Aflac's stock price is looking up as the dust settles following the incident.
Yahoo
11 hours ago
- Business
- Yahoo
Aflac says cyberattack breach could expose personal data of customers
A group of cybercriminals hacked into data systems at insurance company Aflac, possibly gaining access to sensitive information such as Social Security numbers and health reports, the company said on Friday. Aflac, which boasts millions of customers, 'identified suspicious activity' and 'stopped the intrusion within hours,' the company said. The company attributed the attack to a 'sophisticated cybercrime group' but did not identify the organization. MORE: Trump admin live updates: Appeals court keeps California National Guard in Trump's hands The cyberattack marks the latest in a string of data breaches targeting insurance companies, including attacks earlier this month against Philadelphia Insurance Companies and Erie Insurance. 'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry,' Aflac said in a statement. The company has opened an investigation into the cyberattack, saying initial findings indicate the cybercriminals deployed 'social engineering tactics' or measures that rely on manipulation to gain network access. Information tied to customers' insurance claims and personal data may also have been breached in the cyberattack, Aflac said. MORE: A pregnant brain-dead woman in Georgia was kept on life support. Experts say it raises ethical, legal questions 'We regret that this incident occurred,' Aflac said. 'We will be working to keep our stakeholders informed as we learn more and continue investigating the incident.' Aflac generated nearly $19 billion in revenue last year, which marked a 1.2% increase over the previous year, according to an earnings release.
CBS News
11 hours ago
- Business
- CBS News
Aflac says hackers may have stolen customers' claims info, including Social Security numbers
Aflac on Friday said hackers have gained access to its customers personal information in a cybersecurity attack last week. The company, which provides millions of customers with accident, life and health insurance policies, confirmed the June 12 incident in a statement on Friday, saying it was committed by a "sophisticated cybercrime group" that used "social engineering tactics" to gain access to its network. While Alfac said it's unable to determine how many people have been affected as of yet, it noted that claims information, health information, Social Security numbers and other personal information were possibly compromised. The insurer said it stopped the intrusion after identifying suspicious activity on its U.S. network and that its systems were not affected by ransomeware. "We promptly initiated our cyber incident response protocols and stopped the intrusion within hours," the company said. Aflac is the latest company to be targeted in a recent wave of cybersecurity attacks, which have grown more advanced in recent years. Two insurers, Erie Insurance and Philadelphia Insurance Companies, announced their networks were hacked earlier this month. "This was part of a cybercrime campaign against the insurance industry," Aflac wrote on Friday. Hackers over the years have expanded their target list to include cities and municipalities, hospitals, hotels and casinos, as reported by CBS News' 60 Minutes. Last year, a cyberattack on UnitedHealth Group cost providers an estimated $100 million a day. Aflac said it launched an investigation led by third-party cybersecurity experts and is reviewing "potentially impacted files." In the meantime, it is offering customers free credit monitoring and identity theft protection, and Medical Shield for 24 months. Aflac's business remains operational, the company confirmed. "We continue to serve our customers as we respond to this incident and can underwrite policies, review claims and otherwise service our customers as usual," the company said. Consumers interested in additional information on the hack, can call Aflac's dedicated call center at 1-855-361-0305, Monday through Friday from 9:00 a.m. – 9:00 p.m. EST, Saturday from 9:00 a.m. – 5:30 p.m. and Sundays from 10:00 a.m. – 4:00 p.m. The call center will be available until the end of June.
Yahoo
11 hours ago
- Business
- Yahoo
Cybercriminals breach Aflac as part of hacking spree against US insurance industry
Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry. With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider, people familiar the investigation tell CNN. 'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,' Aflac said in a statement on Friday, without naming Scattered Spider. Aflac said it 'stopped the intrusion within hours' after discovering it last week, that no ransomware was deployed, and that it continues to serve its customers. It was too early to tell, the company said, how much customer information may have been stolen, but the potential exposure is vast. Aflac is one of the largest providers of supplemental health insurance in the US for medical expenses that aren't covered by a primary provider. The hackers used 'social engineering' to worm their way into its network, according to Aflac. That tactic can involve duping someone into revealing security information to help gain access to a network. It's a hallmark of Scattered Spider attackers, who are known to pose as tech support to infiltrate big corporations. The loose group of cybercriminals is considered dangerous and unpredictable, in part because it is believed to be comprised of youths in the US and the UK known for aggressively extorting their victims. Scattered Spider shot to infamy in September 2023 when they were linked to a pair of multimillion-dollar hacks on famous Las Vegas casinos and hotels MGM Resorts and Caesars Entertainment. The hackers' tactics, and the way they target big swaths of American industries at a time, has cybersecurity executives pleading with companies to be wary of suspicious phone calls to their employees. Just last month, they were suspects in multiple cyberattacks on American retail companies. 'If Scattered Spider is targeting your industry, get help immediately,' said Cynthia Kaiser, who until last month was deputy assistant director of the FBI's Cyber Division and oversaw FBI teams investigating the hackers. 'They can execute their full attacks in hours. Most other ransomware groups take days.' Scattered Spider often registers web domains that look very much like trusted help desks that companies use for IT support, the cybersecurity firm Halcyon, where Kaiser now works, says in a forthcoming report. While concerns about Iranian cyber capabilities are in the news because of the Israel-Iran war, 'the threat I lose sleep over is Scattered Spider,' said John Hultquist, chief analyst at Google's Threat Intelligence Group. 'They are already taking food off shelves and freezing businesses. The Iranian hackers may not even have Internet access, but these kids are in play right now.'
