Insurer Aflac investigating possible data leak after cyberattack

Aflac said the attack was identified on June 12 and carried out by a sophisticated cybercrime group.

Sign up here.

An Aflac spokesperson told Reuters that the characteristics of the incident were consistent with Scattered Spider, a hacking group that has been around since May 2022 and has a reputation for targeting multiple companies in a single industry in waves.

The group's specialty is identity-based tactics through methods like scamming help desks to reset credentials and bypassing multi-factor authentication, said Steve Cagle, CEO at healthcare security firm Clearwater.

The Aflac spokesperson said the company's review of the attack was in early stages and it cannot disclose how many customers were affected or how long the investigation would take.

The company offers accident and pet insurance plans in the U.S. and Japan and manages personal, medical and financial data of more than 50 million policyholders.

The attack potentially impacted files containing personal information of Aflac's customers, such as social security numbers and health-related details.

The insurer said it was able to stop the intrusion within hours and has reached out to third-party cybersecurity experts to investigate the incident.

The company added that it can continue to provide its services as usual while it responds to the security breach.

Reporting by Christy Santhosh and Puyaan Singh in Bengaluru; Additional reporting by AJ Vicens in Detroit; Editing by Shailesh Kuber and Maju Samuel

Our Standards: The Thomson Reuters Trust Principles., opens new tab