US insurance giant Aflac says customers' personal data stolen during cyberattack

Aflac, one of the largest insurance companies in the United States, says hackers stole an unknown quantity of its customers' personal information from its network during a cyberattack earlier this month.
The insurance giant confirmed Friday in a legally required filing with the U.S. Securities and Exchange Commission that the company identified hackers in its system on June 12 and contained the incident. Aflac, which provides supplemental insurance to individuals whose expenses are not covered by their primary providers, said it was not yet known how many customers are affected by the data breach, but that the personal data includes customers' claims, such as Social Security numbers and health information.
The breach also included data from Aflac's beneficiaries, employees, and agents, the company said.
Aflac said its systems were not affected by ransomware, but attributed the breach to an unspecified cybercrime group known to be targeting the U.S. insurance industry. According to its Friday press release, Aflac said the hackers used social engineering tactics to break into its network.
An Aflac spokesperson, who did not provide their name, declined to answer TechCrunch's questions when reached by email on Monday.
Aflac, which has around 50 million customers per the company's website, is the latest U.S. insurance company to experience a cyberattack in recent weeks, amid warnings that hackers are targeting the wider insurance industry.
John Hultquist, the chief analyst for Google's threat intelligence unit, said last week that the unit was 'aware of multiple intrusions' in the U.S. that bear the hallmarks of activity linked to Scattered Spider, a loose-knit collective of hackers and tactics that rely on social engineering tactics and sometimes threats of violence to target company help desks and call centers in order to gain access to their networks.
The hackers are also reportedly behind the recent intrusions at Erie Insurance and Philadelphia Insurance Companies, which disclosed cyberattacks this month, with disruption ongoing.
The hackers linked to Scattered Spider attacks are known to be financially motivated, and have been previously linked to cyberattacks and intrusions at tech giants, casinos, and hotels, and recent data breaches across the U.K. and U.S. retail sector.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Washington Post

26 minutes ago

• Washington Post

Jury sees more sex videos as prosecutors wind down case against Sean 'Diddy' Combs

NEW YORK — The jury at Sean 'Diddy' Combs ' sex trafficking trial viewed more video recordings on Monday of the sex marathons that have played a prominent role in a prosecution that was likely to rest by Tuesday. Assistant U.S. Attorney Maurene Comey sometimes referred to the mostly 1- or 2-minute clips filmed by the music mogul as 'explicit' videos, a signal for jurors to put on headsets that enabled them to hear and view the recordings without them being heard or seen by spectators in the Manhattan courtroom. Prosecutors have cited the drug-fueled multi-day events as evidence of sex trafficking and racketeering conspiracy charges, saying Combs relied on employees, associates and his business accounts to fly male sex workers to Miami, Los Angeles, Las Vegas and New York, where his staff set up hotel rooms for the encounters and cleaned up afterward. Last week, prosecutors showed jurors about 2 minutes of the footage from 2012 and 2014 involving Combs' then-girlfriend Casandra 'Cassie' Ventura, a male sex worker and Combs. Cassie earlier testified that she participated in hundreds of the 'freak-off' events. She and Combs were in a relationship from 2007 until 2018. Cassie sued Combs in 2023 alleging years of abuse. He settled within hours, and dozens of similar lawsuits followed. The Associated Press doesn't generally identify people who say they are victims of sexual abuse unless they come forward publicly, as Cassie has done. Defense lawyers last week showed the jury about 18 minutes of video clips from the sex performances involving Cassie after a lawyer said in opening statements that the videos prove sexual activity was consensual and not evidence of a crime. On Monday, prosecutors aired nearly 20 minutes of recordings from 2021 and 2022 of a single mother who was identified only by the pseudonym 'Jane,' male sex workers and Combs. Jane testified for six days earlier in the trial that she was romantically involved with Combs from 2021 until his September arrest at a New York hotel room. Joseph Cerciello, a Homeland Security Investigations agent, testified that dozens of the recordings from late 2021 until last August lasted many hours. Comey finished questioning Cerciello in the early afternoon Monday. After a cross-examination by the defense, the prosecution was expected to rest. The trial is in its seventh week, with closing arguments tentatively scheduled for Thursday after what was expected to be a brief defense presentation. Combs, 55, has pleaded not guilty. He's been active in his defense, writing notes to his attorneys and sometimes influencing when they stop questioning witnesses.

Bloomberg

27 minutes ago

• Bloomberg

Ex-Soros Hedge Fund Picker Sun Leads Andon's Push Into US

Investment firm Andon Hong Kong Ltd. is opening an office in New York, led by Soros Fund Management alumnus Chuck Sun. The US operation will initially focus on hedge fund manager selection, an area in which Sun specialized at billionaire George Soros' family office. The firm manages money on behalf of Shenzhen-listed Andon Health Co., a Chinese maker of medical devices like blood pressure monitors and Covid test kits.

Bloomberg

27 minutes ago

• Bloomberg

Ford Escalates Battery Job Warnings as Congress Mulls EV Cuts

Ford Motor Co. intensified its campaign to preserve clean energy manufacturing subsidies Monday, warning jobs at its electric-vehicle battery plant in southwestern Michigan could be at risk if Republicans in Congress pare back tax credits in President Donald Trump's multi-trillion dollar economic package. The $3 billion plant in Marshall, about 100 miles west of Detroit, is slated to produce 20 gigawatt-hours of lithium iron phosphate, or LFP batteries, and employ 1,700 people after it starts production in 2026. The 2 million-square-foot site, which is still under construction, has drawn intense political scrutiny since it was announced in 2023 because Ford is licensing the technology to build the batteries from China's Contemporary Amperex Technology Co. Ltd, the world's largest battery manufacturer.