Latest news with #Aflac
CNET
2 hours ago
- Business
- CNET
Cybercriminals Breach Aflac, Private Customer Data Could Be At Risk
Aflac said Friday that cybercriminals breached its computer systems, potentially exposing some of the most personal data including the Social Security numbers and healthcare information of an unknown number of Americans and marking the latest in a recent string of online attacks against insurance companies. The Columbus, Georgia-based insurance giant said that it detected suspicious activity on its US networks, quickly responded to it and managed to stop the online intruders "within hours." Aflac added that its business remains operational and that its systems were not infected with ransomware. Aflac is the latest and biggest insurance companies to so far be targeted by cybercriminals. Philadelphia Insurance and Erie Insurance were both hit by cyberattacks earlier this month and have yet to resume full operations. "This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group," Aflac said in a statement without providing details to back that claim. "This was part of a cybercrime campaign against the insurance industry." Aflac said that it's working with outside cybersecurity experts to investigate the breach. It's in the process of determining which of its files were potentially compromised and how many people may have been affected. The potentially affected files could include customer data like Social Security numbers, insurance claims, health information and other personal details. Information about Aflac's employees, agents and other people involved in its US businesses could also be compromised, the company said. While that investigation is still in its early stages, Aflac it appears that the attackers gained access to its networks through a social engineering attack, where instead of breaking into a computer system attackers will often pose as someone in authority like an executive or a IT worker to trick an employee into handing over their legitimate login credentials. John Hultquist, chief analyst for Google's Threat Intelligence Group, said the recent attacks against the insurance companies "bear all the hallmarks" of the Scattered Spider cybercrime group, which has been previously tied to high-profile attacks against financial services, telecommunications and Las Vegas casinos and hotels. "Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers," Hultquist said in a statement. While it's yet to be determined exactly who has been affected and how bad the damage could be, Aflac has taken the unsual step of already offering to provide free credit monitoring, identity theft protection and Medical Shield coverage for 24 months to customers who contact its call center at 855-361-0305. Aflac is the largest provider of supplemental health insurance in the US and has a global customer base of about 50 million people.
New York Post
4 hours ago
- Business
- New York Post
Aflac customer data breached by cybercriminals in latest hit on US insurance industry
Aflac's customer data has been breached in the latest cyberattack on the US insurance industry – potentially jeopardizing Social Security numbers, insurance claims and health information, the company said Friday. It's the largest insurance company yet to fall victim to a major hacking, with tens of millions of customers and a $55 billion market cap. 'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,' Aflac said Friday. Aflac said Friday that its network had been hacked by cybercriminals. yu_photo – Aflac — long known for its quacking duck TV commercials — said it is unable to determine the total number of impacted individuals and the specific data stolen. Its systems were not affected by ransomware, so it is fully operational, and the company has engaged third-party cybersecurity experts, Aflac added. It said it stopped the intrusion on June 12 hours after it noticed suspicious activity. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month. Both of those cases led to widespread disruptions across their IT systems. All three of the major hacks are consistent with techniques used by a group of young cybercriminals known as Scattered Spider, sources familiar with the investigation told CNN. Aflac said the hackers used 'social engineering' tactics to breach their network, manipulating employees to gain access to a company system and often posing as tech support workers over the phone — a trademark of Scattered Spider. All three of the major hacks are consistent with methods used by Scattered Spider, sources told CNN. Montri – In the past, these hackers have posed as company help desk staffers to obtain credentials from employees or tricked workers into installing tools on their devices that will hand over network access, according to the US Cybersecurity & Infrastructure Security Agency. Scattered Spider is believed to be made up of teens and young adults in the US and UK and is known for aggressively extorting victims. Its members recently targeted Marks & Spencer and other UK retailers, and famously carried out a hacking spree across Las Vegas casinos in September 2023. Cybersecurity executives have sounded the alarms over the group's attack on the US insurance industry, warning companies to tell their employees to be wary of suspicious phone calls. Aflac did not mention Scattered Spider by name in its press release.
CNA
5 hours ago
- Business
- CNA
Insurer Aflac investigating possible data leak after cyberattack
Health and life insurer Aflac on Friday said it is investigating a breach on its U.S. network that may have exposed customers' personal information, making it the latest insurance provider to be targeted in a cyberattack. Aflac said the attack was identified on June 12 and carried out by a sophisticated cybercrime group. An Aflac spokesperson told Reuters that the characteristics of the incident were consistent with Scattered Spider, a hacking group that has been around since May 2022 and has a reputation for targeting multiple companies in a single industry in waves. Earlier this week, Google's chief threat analyst warned the insurance industry to be on high alert from attacks from Scattered Spider. The group is also reportedly behind recent outages at Philadelphia Insurance Companies (PHLY) and Erie Indemnity. The group's specialty is identity-based tactics through methods like scamming help desks to reset credentials and bypassing multi-factor authentication, said Steve Cagle, CEO at healthcare security firm Clearwater. The Aflac spokesperson said the company's review of the attack was in early stages and it cannot disclose how many customers were affected or how long the investigation would take. The company offers accident and pet insurance plans in the U.S. and Japan and manages personal, medical and financial data of more than 50 million policyholders. The attack potentially impacted files containing personal information of Aflac's customers, such as social security numbers and health-related details. The insurer said it was able to stop the intrusion within hours and has reached out to third-party cybersecurity experts to investigate the incident. The company added that it can continue to provide its services as usual while it responds to the security breach.
Yahoo
5 hours ago
- Business
- Yahoo
Insurer Aflac investigating possible data leak after cyberattack
By Puyaan Singh and Christy Santhosh (Reuters) -Health and life insurer Aflac on Friday said it is investigating a breach on its U.S. network that may have exposed customers' personal information, making it the latest insurance provider to be targeted in a cyberattack. Aflac said the attack was identified on June 12 and carried out by a sophisticated cybercrime group. An Aflac spokesperson told Reuters that the characteristics of the incident were consistent with Scattered Spider, a hacking group that has been around since May 2022 and has a reputation for targeting multiple companies in a single industry in waves. Earlier this week, Google's chief threat analyst warned the insurance industry to be on high alert from attacks from Scattered Spider. The group is also reportedly behind recent outages at Philadelphia Insurance Companies (PHLY) and Erie Indemnity. The group's specialty is identity-based tactics through methods like scamming help desks to reset credentials and bypassing multi-factor authentication, said Steve Cagle, CEO at healthcare security firm Clearwater. The Aflac spokesperson said the company's review of the attack was in early stages and it cannot disclose how many customers were affected or how long the investigation would take. The company offers accident and pet insurance plans in the U.S. and Japan and manages personal, medical and financial data of more than 50 million policyholders. The attack potentially impacted files containing personal information of Aflac's customers, such as social security numbers and health-related details. The insurer said it was able to stop the intrusion within hours and has reached out to third-party cybersecurity experts to investigate the incident. The company added that it can continue to provide its services as usual while it responds to the security breach. Last year, UnitedHealth's Change unit was breached by a hacking group called ALPHV, or "BlackCat", in one of the worst hacks to hit the U.S. healthcare sector.
Axios
5 hours ago
- Business
- Axios
Aflac caught in string of cyberattacks on insurers
Aflac, a U.S. insurance provider that covers millions of policyholders, warned some of its customers' most sensitive data may have been stolen in a recent cyberattack. Why it matters: Aflac warned that a "sophisticated cybercrime group" was behind the intrusion and said many insurance providers are currently battling the same group. Driving the news: The insurance provider told investors in an SEC filing Friday that it detected unauthorized activity within hours on its networks on June 12. The incident didn't impact Aflac's operations and the company noted it also was not the victim of ransomware. Aflac said its initial investigation suggests that the hackers used social engineering techniques to gain access to the company's systems. From there, they likely stole an undetermined number of files from the systems, potentially including customers' claim information, health information, Social Security numbers and other highly sensitive personal details. Aflac is still investigating the scope of the breach and hired third-party investigators to assist in the matter. Between the lines: A source familiar with the investigation told Axios that the characteristics of the attack are consistent with those of the English-speaking cybercriminal gang Scattered Spider. Google's cybersecurity experts warned earlier this week that the cybercriminal gang was turning its attention to the insurance sector after a month-long hacking spree against retailers.
