Aflac Cyberattack Exposes Customer, Beneficiary Data

Aflac, a leading U.S. supplemental health insurance provider, experienced a cybersecurity breach on June 12, 2025, likely linked to the Scattered Spider cybercrime group and part of a larger attack campaign against the insurance sector. The attackers used social engineering to access sensitive information, potentially exposing Social Security numbers, health and claims data, and other personal details of customers, beneficiaries, employees, and agents. Aflac contained the intrusion within hours, with no business disruption and no ransomware used. The company is working with cybersecurity experts and providing free credit monitoring and identity theft protection to those affected. Erie Insurance and Philadelphia Insurance Companies were also targeted in the campaign, underscoring the industry's vulnerability to evolving cyber threats. The incident highlights the urgent need for insurers to upgrade security systems and adopt more proactive cybersecurity defenses.