Aflac, one of the largest supplemental health insurance providers in the United States, confirmed on Friday that cybercriminals breached its systems, potentially compromising sensitive customer data including Social Security numbers, insurance claims, and health information, CNN reports.
The breach is the latest in a string of cyberattacks that have targeted the US insurance industry in recent weeks, raising concerns among companies, law enforcement, and cybersecurity experts.
With tens of millions of policyholders and billions of dollars in annual revenue, Aflac represents the biggest victim yet in a wave of attacks that has also affected Erie Insurance and Philadelphia Insurance Companies. All three incidents share hallmarks consistent with tactics used by the cybercrime group known as Scattered Spider, according to individuals familiar with ongoing investigations.
In a statement, Aflac described the attack as the work of a “sophisticated cybercrime group” and emphasized that the company “stopped the intrusion within hours” of discovering it last week. Aflac said that, while no ransomware was deployed and operations continue, it is still assessing the scope of potential data loss. The full impact on customer information remains unknown at this time.
The hackers reportedly gained access through “social engineering,” a method that involves tricking employees into revealing credentials or granting network access—often by impersonating trusted technical support staff. This approach is characteristic of Scattered Spider, a loosely organized group believed to include members in both the US and the UK. The group has gained notoriety for high-profile attacks on major US companies, including casino giants MGM Resorts and Caesars Entertainment in 2023.
Cybersecurity analysts have warned that Scattered Spider is unusually aggressive, sometimes launching full-scale attacks within hours rather than the days it typically takes other criminal groups. Their tactics include registering fake domains that closely resemble legitimate IT help desk portals, further increasing the risk to organizations.
The recent insurance industry breaches come amid heightened concern about cybersecurity threats, with experts urging companies to remain vigilant.
“If Scattered Spider is targeting your industry, get help immediately,” said Cynthia Kaiser, former deputy assistant director of the FBI’s Cyber Division, now with cybersecurity firm Halcyon. “They can execute their full attacks in hours.”
John Hultquist, chief analyst at Google’s Threat Intelligence Group, emphasized the seriousness of the threat, describing Scattered Spider as a more immediate concern than other widely discussed adversaries.
“They are already taking food off shelves and freezing businesses,” Hultquist said.
The latest news in your social feeds
Subscribe to our social media platforms to stay tuned