1 week ago
6
ARTICLE AD BOX
Preliminary findings indicate that compromised files may include claims information, health data, social security numbers, and other personal details.
Aflac stated that the cyberattack used social engineering techniques to gain unauthorised access to the company’s network. (Photo: mariakray/ Shutterstock)
US-based insurance provider Aflac has confirmed a cybersecurity breach impacting its systems that has potentially resulted in the theft of personal and health information. The company, which provides supplemental insurance services in the US and Japan, has already engaged external cybersecurity experts to investigate the incident. The insurer has clarified that ransomware was not involved in the incident.
“On 12 June 2025, Aflac Incorporated identified suspicious activity on our network in the US,” the insurer said in a press statement. “We promptly initiated our cyber incident response protocols and stopped the intrusion within hours. Importantly, our business remains operational, and our systems were not affected by ransomware. We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual.”
Aflac has yet to determine the exact number of individuals affected, as the investigation is still in its early stages. However, preliminary findings suggest that the potentially compromised files may include claims information, health data, social security numbers, and other personal details.
Aflac breach carries hallmarks of Scattered Spider’s tactics
The insurer attributed the breach to a ‘sophisticated cybercrime group’, without naming the specific perpetrators. The attack involved the use of social engineering techniques to gain unauthorised access to the company’s network.
“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry,” Aflac further stated in the statement.
A BleepingComputer report suggests that the breach bears the characteristics of a Scattered Spider attack. Scattered Spider is known for executing advanced social engineering attacks on high-profile organisations globally. Recently, this group has been focusing its efforts on US insurance companies.
Scattered Spider’s tactics have also been employed in recent attacks on UK retail chains. British retailer Marks & Spencer (M&S) was compromised in a ransomware incident involving the encryption of virtual machines on VMware ESXi hosts using a DragonForce encryptor. This attack was attributed to Octo Tempest, Microsoft’s designation for Scattered Spider. Following the breach, M&S projected a £300m decline in its operating profit for the year.
The group reportedly targeted Co-op, too, which confirmed data theft from numerous current and former members. Luxury retail store Harrods also had to restrict internet access to certain sites last month following an attempted network infiltration by attackers.
Read more: Canada’s WestJet probes cyberattack on internal systems
More Relevant
close
Sign up to the newsletter: In Brief
Your corporate email address *
I would also like to subscribe to:
Vist our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
