Insurance company Aflac in Columbus, Georgia, has announced that it encountered a cyberattack. Aflac is the biggest company in the United States offering supplemental insurance and claims to offer financial security to over 50 million people around the world.
Aflac announced the cyberattack while filing with the U.S. Securities and Exchange Commission (SEC) on June 12, 2025. The company explained that upon discovery of the attack, it implemented its cybersecurity incident response measures and managed the attack within hours. The attack didn’t disrupt business operations. Aflac continued to underwrite policies, evaluate claims, and provide services to customers.
Aflac has engaged the expertise of top cybersecurity specialists to help with its breach response initiatives and the attack investigation. Aflac mentioned no ransomware was used in the cyberattack, but data seems to have been compromised. Analysis of the potentially breached files is ongoing. At this time of the file analysis, the number of affected individuals still cannot be determined.
Aflac stated that the exposed information likely includes names, claims data, medical data, Social Security numbers, and other personal details associated with clients, beneficiaries, staff members, agents, and other persons in its U.S. company. Free credit checking and identity theft protection services will be provided to the impacted individuals. A notification will be sent to government regulators about the scope of the data breach. Like several insurance providers currently encountering attacks, this was orchestrated by a cybercrime group as part of a cybercrime campaign against the insurance market.”
The cybercrime campaign has included attacks on other big insurance companies in the United States, such as the Erie Insurance Group and Philadelphia Insurance Companies. Much like the Aflac attack, there was no file encryption in these two incidents, only data theft. No ransomware group has claimed responsibility for the attack, but the timing of the attacks indicates that one threat actor conducted all three attacks.
The probable perpetrator is a threat group named Scattered Spider, which is observed to attack big companies in one industry during a particular period. Lately, Scattered Spider has attacked the retail industry, including the UK’s Marks & Spencer, Harrods luxury department store, and Co-op, and the U.S.’s United Natural Foods and Victoria’s Secret.
According to the Google Threat Intelligence Group researchers, the group shifted to attacking the insurance companies and thus released an alert. ReliaQuest cautioned that the group is attacking IT service companies and Managed Service providers to impact their downstream customers, which may include HIPAA-covered entities. Google Threat Intelligence Group researchers recently said that the latest cyberattacks on the insurance industry show signs of Scattered Spider attacks.
Scattered Spider usually targets company networks and uses ransomware after exfiltrating data. However, ransomware was not used in these cyberattacks. It is likely that the attacks were discovered and stopped before deploying ransomware. The group might have adjusted its tactics, concentrating on data theft and extortion only. Although the attacker is not yet confirmed, the target is certainly the insurance market. All insurance companies should stay alert since more cyberattacks may be attempted.
Image credit; Suriya, AdobeStock
