BusinessCybersecurityNewswireSecurity

Aflac Confirms Data Breach Amid Scattered Spider Cyberattacks

Photo of The Wiz The Wiz Follow on X Send an email June 21, 2025Last Updated: June 21, 2025
1 minute read
Aflac logo in blue with a white duck superimposed on a red background of blurred people walking.

Aflac has confirmed a cybersecurity breach potentially exposing sensitive customer data, marking the latest incident in a string of attacks targeting major U.S. insurance providers. The company clarified that ransomware was not deployed, though investigators are still assessing whether the intrusion involved data theft alone.

As one of America’s largest supplemental insurers, Aflac serves millions of customers across the U.S. and Japan, making the breach particularly concerning given the potential exposure of personal and health information. In an official statement, the company emphasized that its operations remain unaffected, with policy underwriting, claims processing, and customer service continuing without disruption.

The breach bears hallmarks of Scattered Spider, a notorious cybercrime collective linked to high-profile attacks on corporations worldwide. Known for tactics like phishing, SIM swapping, and social engineering, the group has recently shifted focus to the insurance sector. Earlier this year, they infiltrated MGM Resorts, encrypting critical systems after impersonating an employee. Their collaboration with ransomware groups like BlackCat and RansomHub has amplified their threat level.

Aflac has engaged external cybersecurity experts to determine the scope of the incident. Filings with the SEC reveal that compromised data may include Social Security numbers, health records, and other personally identifiable information tied to customers, employees, and agents. While the company has not confirmed Scattered Spider’s involvement, industry analysts note the attack aligns with the group’s pattern of sector-specific targeting.

READ ALSO  Ransomware & USB Attacks Threaten OT Systems

Security experts warn that insurance firms remain prime targets. Recent breaches at Philadelphia Insurance Companies and Erie Insurance underscore the urgency for heightened vigilance, particularly against social engineering attempts aimed at help desks and call centers. John Hultquist of Google’s Threat Intelligence Group cautioned that Scattered Spider tends to concentrate on one industry before pivoting, as seen in their earlier campaigns against UK retailers before shifting to U.S. targets.

Aflac’s swift containment of the breach highlights the importance of robust incident response plans. However, the incident serves as a stark reminder that even Fortune 500 companies face escalating risks from increasingly sophisticated cybercriminals. Customers are advised to monitor accounts for suspicious activity while the investigation continues.

(Source: Bleeping Computer)

Topics

aflac cybersecurity breach 95% exposure sensitive customer data 90% scattered spider cybercrime collective 85% insurance sector cyber threats 80% social engineering attacks 75% impact aflac operations 70% sec filings data compromise 65% cybersecurity incident response 60% customer vigilance monitoring 55%
Tags
Photo of The Wiz The Wiz Follow on X Send an email June 21, 2025Last Updated: June 21, 2025
1 minute read
Show More
Photo of The Wiz

The Wiz

Wiz Consults, home of the Internet is led by "the twins", Wajdi & Karim, experienced professionals who are passionate about helping businesses succeed in the digital world. With over 20 years of experience in the industry, they specialize in digital publishing and marketing, and have a proven track record of delivering results for their clients.