21.06.2025 11:50

A major cybersecurity incident has impacted Aflac, a leading American insurance provider. On Friday, the company publicly acknowledged a data breach resulting from a sophisticated cyberattack that compromised the personal information of its customers, including sensitive data such as Social Security numbers. This breach, which occurred on June 12th, was attributed by Aflac to a highly skilled cybercrime group employing advanced social engineering techniques.


Aflac's internal cybersecurity protocols were immediately activated following the detection of suspicious activity on their US network. While the attackers didn't deploy ransomware, the company confirmed unauthorized access to their systems via deceptive social manipulation. In a formal statement, Aflac expressed regret over the incident and pledged to maintain transparent communication with stakeholders throughout their ongoing investigation.


This data breach adds to a concerning trend of cyberattacks targeting the insurance sector this month. Following similar incidents reported by Erie Insurance and Philadelphia Insurance Companies earlier in June, Aflac characterized this attack as part of a broader cybercrime campaign specifically targeting the insurance industry. The company emphasizes that they swiftly contained the intrusion within hours of discovery, ensuring the continued, uninterrupted operation of core business functions.


Despite the successful mitigation of the breach, the incident remains under investigation. Aflac's statement refrained from naming the perpetrators; however, cybersecurity analysts suspect involvement from Scattered Spider, a notorious hacking group known for their aggressive tactics and targeting of large US corporations. This group, attracting significant attention in 2023 after prominent attacks on MGM Resorts and Caesars Entertainment, is believed to consist of younger hackers based in both the United States and the United Kingdom, renowned for their sophisticated deception and rapid actions. Aflac maintains its commitment to customer service, assuring customers that policy underwriting, claims processing, and other core services remain fully operational. The full extent of the data breach and its long-term implications remain under scrutiny.