Aflac, one of the largest insurance companies in the United States, announced that hackers stole an unknown amount of customer personal information from its network during a cyberattack earlier this month.
The insurance giant acknowledged Friday in a legally required filing with the U.S. Securities and Exchange Commission that it identified the hacker in its systems on June 12 and contained the incident. Aflac, which provides supplemental insurance to individuals whose major insurance companies cannot cover the cost, said it is not yet clear how many customers are affected by the data breach, but the personal data includes customer claims, such as social security numbers and health information.
The company said the breach also included data from Aflac beneficiaries, employees and agents.
Aflac claimed that its systems were not affected by the ransomware, but that the breach was by an unspecified cybercriminal group known to target the U.S. insurance industry. In a press release Friday, Aflac said hackers used social engineering tactics to infiltrate its network.
An Aflac spokesperson, who declined to be named, declined to respond to TechCrunch’s emailed questions on Monday.
Aflac, which has about 50 million customers per its website, is the latest U.S. insurance company to experience a cyberattack in recent weeks amid warnings that hackers are targeting the entire insurance industry.
John Hultquist, chief analyst for Google’s threat intelligence division, said last week that the division is “aware of multiple intrusions” in the United States. Scattered Spiders are a loosely organized group of hackers that target corporate help desks and call centers and rely on social engineering tactics and sometimes threats of violence to gain access to networks.
Hackers were also reportedly involved in recent breaches at Erie Insurance Company and Philadelphia Insurance Company, which revealed cyber attacks this month, and the chaos continues.
The hackers behind the Scattered Spider attacks are known to be financially motivated and have been linked to previous cyberattacks and intrusions at tech giants, casinos and hotels, as well as recent data breaches in the UK and US retail industries.
tech crunch event
san francisco
|
October 13-15, 2026
