Aflac’s buyer knowledge has been breached within the newest cyberattack on the US insurance coverage business – doubtlessly jeopardizing Social Safety numbers, insurance coverage claims and well being data, the corporate stated Friday.
It’s the biggest insurance coverage firm but to fall sufferer to a serious hacking, with tens of hundreds of thousands of shoppers and a $55 billion market cap.
“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,” Aflac stated Friday.
Aflac — lengthy recognized for its quacking duck TV commercials — stated it’s unable to find out the whole variety of impacted people and the precise knowledge stolen.
Its methods weren’t affected by ransomware, so it’s totally operational, and the corporate has engaged third-party cybersecurity specialists, Aflac added.
It stated it stopped the intrusion on June 12 hours after it observed suspicious exercise.
Erie Insurance coverage and Philadelphia Insurance coverage Corporations have additionally reported hacks this month.
Each of these instances led to widespread disruptions throughout their IT methods.
All three of the main hacks are in step with methods utilized by a gaggle of younger cybercriminals often called Scattered Spider, sources acquainted with the investigation instructed CNN.
Aflac stated the hackers used “social engineering” ways to breach their community, manipulating staff to achieve entry to an organization system and infrequently posing as tech assist staff over the telephone — a trademark of Scattered Spider.
Prior to now, these hackers have posed as firm assist desk staffers to acquire credentials from staff or tricked staff into putting in instruments on their units that may hand over community entry, in keeping with the US Cybersecurity & Infrastructure Safety Company.
Scattered Spider is believed to be made up of teenagers and younger adults within the US and UK and is understood for aggressively extorting victims.
Its members not too long ago focused Marks & Spencer and different UK retailers, and famously carried out a hacking spree throughout Las Vegas casinos in September 2023.
Cybersecurity executives have sounded the alarms over the group’s assault on the US insurance coverage business, warning firms to inform their staff to be cautious of suspicious telephone calls.
Aflac didn’t point out Scattered Spider by title in its press launch.
