Aflac Confirms Data Breach: Customer Social Security Numbers Exposed

🚨

Aflac, one of the largest insurance companies in the U.S., confirmed on Friday that a cyberattack compromised sensitive customer data, including Social Security numbers. The breach, which occurred on June 12, 2025, was the result of a social engineering attack by a "sophisticated cybercrime group," according to the company.

⚠️ What Happened?

Aflac detected suspicious activity within its U.S. network and quickly activated its cybersecurity protocols. While no ransomware was deployed, an unauthorized individual gained access through deceptive manipulation of internal systems.

“We regret that this incident occurred. We are committed to transparency and will continue to update our stakeholders,” Aflac said in a press release.

🧠 Who’s Behind It?

While Aflac has not officially identified the attackers, cybersecurity analysts believe the group Scattered Spider may be involved. Known for high-profile attacks on MGM Resorts and Caesars Entertainment, the group uses fake IT support websites to trick employees into giving access.

“They move fast. Their attacks can unfold within hours,” said former FBI cyber official Cynthia Kaiser, now with cybersecurity firm Halcyon.

📉 Industry-Wide Pattern

This breach follows similar incidents at Erie Insurance and Philadelphia Insurance Companies earlier this month. Experts suggest that the attacks may be part of a wider campaign targeting the insurance sector.

Despite the breach, Aflac says its core operations remain unaffected, and it is continuing normal service, including underwriting policies and processing claims.

🛡 What Data Was Stolen?

Aflac confirmed that the breach may have exposed:

• Personal and health information

• Claims-related documents

• Social Security numbers

• Employee and agent records

The company is offering free credit monitoring, identity theft protection, and Medical Shield coverage for two years to affected individuals.

🔍 What's Next?

Aflac has brought in top-tier cybersecurity experts to investigate and secure its systems. They pledged full transparency and ongoing updates as the investigation continues. #HackerAlert #CryptoClause #security