Insurance provider Aflac has confirmed that it was the victim of a cyberattack that compromised customer personal information. The incident occurred on June 12 and was conducted by a 'sophisticated cybercrime group' using advanced social engineering tactics.
Details of the Cyberattack
On Friday, Aflac announced that it activated its cybersecurity protocols upon detecting suspicious activity within its U.S. network. While no ransomware was deployed, the company confirmed that an unauthorized actor had accessed its systems using deceptive tactics.
Company's Response and Consequences
After discovering the breach, Aflac engaged top-tier cybersecurity professionals to lead the investigation. The company stated that potentially affected files may contain claims information, health records, and social security numbers related to customers and others. Aflac is offering free credit monitoring and identity theft protection for 24 months to impacted individuals.
Insights on Hacker Group
Analysts believe the breach may be linked to the Scattered Spider group, known for its aggressive tactics targeting U.S. corporations. This group gained attention from authorities in 2023 after attacks on MGM Resorts and Caesars Entertainment in Las Vegas. Experts indicate that Scattered Spider can execute attacks in just a few hours.
The Aflac incident highlights the threat posed by cyberattacks to the insurance industry. The company continues to work on addressing the situation and providing support to its customers during this challenging time.
