Cyberattack on Aflac: Millions of US insurance customers' data stolen

In the wake of rising cyberattacks, Aflac, one of the largest insurance companies in the U.S., has been hit by a cyberattack that stole an immeasurable amount of personal information of customers.

Cyberattack on Aflac was disclosed in a filing with the U.S. Securities and Exchange Commission, revealing that hackers accessed its network on June 12 and that the takeover was intact since then.

The stolen data includes sensitive information such as Social Security numbers and health details related to customer claims, as well as information from Aflac’s beneficiaries, employees, and agents.

Attributing the breach to a cybercrime group targeting the U.S. insurance sector, the insurance firm confirmed that its systems were not impacted by ransomware.

To illicitly access US insurance customers' data by infiltrating Aflac's network, the hackers used social engineering tactics.

Aflac has approximately 50 million customers and is the latest U.S. insurance firm to have faced cyberattacks, which raise concerns about threats to the industry.

John Hultquist, chief analyst for Google’s threat intelligence unit, claimed that multiple recent intrusions pointed to a group known as Scattered Spider, which takes help from social engineering and sometimes threats to access company networks.

This group was also implicated in recent attacks on Erie Insurance and Philadelphia Insurance Companies.

Scattered Spider, the hacker group, is infamous for financially motivated attacks and has previously targeted various sectors, including tech companies, casinos, and hotels.