Aflac got hacked by a cybercrime gang targeting insurance companies
Attack is consistent with Scattered Spider, although no ransomware was involved and the breach was dealt with within hours
Photo: SOPA Images (Getty)
Health insurance giant Aflac revealed that it had been the victim of a cybersecurity breach on Friday, but that it had been dealt with within hours.
Suggested Reading
It’s the latest in a series of hacks targeting the insurance industry, following cyberattacks earlier this week on Erie Insurance, which suffered a weeklong outage, and Philadelphia Insurance Companies, also downed for days.
Related Content
Aflac, which bills itself as the “No. 1 provider of supplemental health insurance products” in the U.S., has approximately 50 million customers. The company said that it was too early to tell how many users were affected in the breach.
Earlier this week, the Google Threat Assessment Group warned that “multiple intrusions in the U.S.” bear the marks of Scattered Spider, a ransomware group that targeted Marks & Spencer and other retailers, and is most famous for hacking Las Vegas casinos in September 2023.
Chief Google analyst John Hultquist told The Register, an enterprise technology news outlet, that the cybercrime group usually focuses on one sector at a time, and that “the insurance industry should be on high alert, especially for social engineering schemes, which target their help desks and call centers." Social engineering is when a hacker poses as a tech-support worker to acquire security information.
Aflac said social engineering caused their hack, although the breach did not involve ransomware, and they did not name Scattered Spider in their statement, instead referring to “a sophisticated cybercrime group.”
The largest breach in U.S. healthcare history happened in February 2024, to Change Healthcare, which affected more than million users, according to the Department of Health and Health Services. Stolen data in any such incident include not just medical records, but credit card numbers, Social Security Numbers, driver’s licenses, and more.
Aflac reassured its customers that the problem had been dealt with by cyber-incident response protocols, and that customer service would not be affected.