Latest news with #ScatteredSpider
Yahoo
an hour ago
- Business
- Yahoo
Customer data possibly leaked in Aflac cyberattack, the third insurance hack this month
Insurance company Aflac disclosed this week that cybercriminals breached its U.S. network and may have accessed customers' personal information, the latest in a string of cyberattacks on insurance companies announced this month. Aflac, which provides home and life insurance and manages data for more than 50 million policyholders, said in a June 20 federal regulatory filing it identified suspicious activity on its U.S. network on June 12. The company said it believes it stopped the intrusion within hours of identifying it, calling the attack part of a 'cybercrime campaign against the insurance industry.' The breach potentially impacted files containing customers' personal information, such as Social Security numbers and health-related details. Aflac said it is investigating the breach with the help of third-party cybersecurity experts and has not yet determined how many customers were affected. An Aflac spokesperson told Reuters that the characteristics of the incident were consistent with the hacking group Scattered Spider, which has a reputation for targeting multiple companies in a single industry in waves. More: This is how you stop online trackers from collecting your health data Latest Tech News: Is TikTok getting banned? Trump says he'll 'probably' extend deadline again It's the largest insurance provider yet to disclose a breach this month, after cyberattacks on Erie Insurance and Philadelphia Insurance Companies disrupted their network operations. Aflac said the attack did not affect its systems and it is able to continue providing services as usual while it responds to the security breach. Contributing: Reuters. Kathryn Palmer is a national trending news reporter for USA TODAY. You can reach her at kapalmer@ and on X @KathrynPlmr. This article originally appeared on USA TODAY: Aflac investigating data leak after cyber attack breach hack
USA Today
an hour ago
- Business
- USA Today
Customer data possibly leaked in Aflac cyberattack, the third insurance hack this month
The Aflac breach potentially impacted files with customers' Social Security numbers and health details. Insurance company Aflac disclosed this week that cybercriminals breached its U.S. network and may have accessed customers' personal information, the latest in a string of cyberattacks on insurance companies announced this month. Aflac, which provides home and life insurance and manages data for more than 50 million policyholders, said in a June 20 federal regulatory filing it identified suspicious activity on its U.S. network on June 12. The company said it believes it stopped the intrusion within hours of identifying it, calling the attack part of a 'cybercrime campaign against the insurance industry.' The breach potentially impacted files containing customers' personal information, such as Social Security numbers and health-related details. Aflac said it is investigating the breach with the help of third-party cybersecurity experts and has not yet determined how many customers were affected. An Aflac spokesperson told Reuters that the characteristics of the incident were consistent with the hacking group Scattered Spider, which has a reputation for targeting multiple companies in a single industry in waves. More: This is how you stop online trackers from collecting your health data Latest Tech News: Is TikTok getting banned? Trump says he'll 'probably' extend deadline again It's the largest insurance provider yet to disclose a breach this month, after cyberattacks on Erie Insurance and Philadelphia Insurance Companies disrupted their network operations. Aflac said the attack did not affect its systems and it is able to continue providing services as usual while it responds to the security breach. Contributing: Reuters. Kathryn Palmer is a national trending news reporter for USA TODAY. You can reach her at kapalmer@ and on X @KathrynPlmr.
Forbes
7 hours ago
- Business
- Forbes
Aflac Data Breach By Scattered Spider Hackers Is No Quacking Matter
NEW YORK - FEBRUARY 25: The Aflac Duck rings the closing bell at the New York Stock Exchange on ... More February 25, 2010 in New York City. (Photo by) When you hear the name Aflac, you, probably like me, hear the quacking duck from their commercials. Unfortunately, however the recently announced data breach at Aflac is no quacking matter. Aflac disclosed on June 20th that it had suffered a data breach that may have compromised sensitive personal information held by the company, which offers a wide range of insurance products to millions of people. According to Aflac, it noticed suspicious activity on its networks on June 12th and is now in the early stages of investigating the extent of the data breach with the help of outside cybersecurity experts. Aflac's press release states that it did not find evidence of ransomware, but doesn't yet know the extent of the data breach which may include social security numbers and other sensitive information. It is believed that the data breach was the work of the infamous hacking group called Scattered Spider which focuses its efforts on one specific industry at a time, often using ransomware. The September 2023 ransomware attacks on MGM Resorts and Caesars Entertainment were attributed to Scattered Spider. Now, according to the Google Threat Intelligence Group, Scattered Spider is targeting the insurance industry. Earlier this month Erie Insurance suffered a data breach attributed to Scattered Spider. Google Threat Intelligence Group chief analyst John Hulquist warned 'Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes, which target their help desks and call centers.' Scattered Spider is thought to be made up of English-speaking Americans and British hackers. In 2024 four Americans and one British national were indicted on cybercriminal charges related to activities of Scattered Spider. Social engineering is the cornerstone of the crimes of Scattered Spider and, according to Aflac, was how their data breach was accomplished. The hackers of Scattered Spider have been known to call IT support posing as employees of the company they are targeting and convince the IT support staff to reset passwords or multi-factor authentication. Scattered Spider also attacks Managed Service Providers which are third-party companies that remotely manage the network and infrastructure systems for companies. Often these Managed Service Providers are a weak link in a company's security. Additionally, Managed Service Providers provide their services to many customers so breaching their security turns into one stop shopping for hackers targeting multiple companies. Alfac is offering free credit monitoring and identity theft insurance to its customers for two years. If you are an Aflac customer and wish to get those free benefits, you should call Aflac's Call Center at 1-855-0305. Potential victims of this data breach should also freeze their credit if they have not already done so. Freezing your credit is something everyone should do. It is free and easy to do. It protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze: Equifax TransUnion Experian Everyone also should monitor their credit reports regularly for indications of identity theft. The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own. Here is the only link to use to get your free credit report. Finally, be wary of anyone who calls you purporting to help you in regard to this or any other data breach who asks for personal information regarding a data breach as that is a favorite tactic of hackers to lure you into providing additional personal information that can lead to your becoming a victim of identity theft. Also, as always, never click on a link or download an attachment to an email or text message unless you have absolutely confirmed that it is legitimate and don't provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication was legitimate.
Yahoo
11 hours ago
- Business
- Yahoo
Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. Major insurance provider Aflac Inc. said Friday that it was the target of a cyberattack on June 12 that is linked to a major cybercrime spree focusing on the industry. The company said it was able to contain the attack within hours and confirmed its systems remain operational. 'We continue to serve our customers as we respond to this incident and can underwrite policies, review claims and otherwise service our customers as usual,' the company said in a Securities and Exchange Commission filing. The incident is part of a larger crime wave targeting the insurance industry that researchers have linked to a collective known as Scattered Spider. The group recently conducted a weeks-long attack campaign against retailers in the U.S. and the U.K. Erie Insurance Group last week disclosed that it was the target of a cyberattack that began on June 7. The company said Tuesday that it has regained control over its systems and sees no further evidence of malicious activity. Erie is working with third-party forensic experts to restore full access to customers, agents and employees. Researchers from Google Threat Intelligence Group on Monday warned that the same hackers targeting the retail sector had pivoted toward the insurance industry. Google has not attributed the attacks to any actor but said they show the hallmarks of Scattered Spider, the notorious threat group linked to the 2023 MGM Resorts and Clorox hacks. "Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers,' John Hultquist, chief analyst at GTIG, told Cybersecurity Dive in a statement. The retail sector intrusions began in April, with U.K. retailer Marks and Spencer and the Harrods department store chain among the major victims. In the U.S., the hacking spree hit Victoria's Secret and United Natural Foods, the largest supplier for Whole Foods, the grocery chain owned by Amazon. Aflac has begun a process of reviewing files that may have been accessed. The review is still in its early stages and Alfac said it cannot immediately determine how many people were affected. The files contain claims information, health records, Social Security numbers and other personal data related to customers, employees, beneficiaries, agents and other individuals. The company plans to notify regulators and will send breach letters to affected individuals and provide credit monitoring and identity-theft services. (Adds comment from Google) Sign in to access your portfolio
New York Post
a day ago
- Business
- New York Post
Aflac customer data breached by cybercriminals in latest hit on US insurance industry
Aflac's customer data has been breached in the latest cyberattack on the US insurance industry – potentially jeopardizing Social Security numbers, insurance claims and health information, the company said Friday. It's the largest insurance company yet to fall victim to a major hacking, with tens of millions of customers and a $55 billion market cap. 'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,' Aflac said Friday. Aflac said Friday that its network had been hacked by cybercriminals. yu_photo – Aflac — long known for its quacking duck TV commercials — said it is unable to determine the total number of impacted individuals and the specific data stolen. Its systems were not affected by ransomware, so it is fully operational, and the company has engaged third-party cybersecurity experts, Aflac added. It said it stopped the intrusion on June 12 hours after it noticed suspicious activity. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month. Both of those cases led to widespread disruptions across their IT systems. All three of the major hacks are consistent with techniques used by a group of young cybercriminals known as Scattered Spider, sources familiar with the investigation told CNN. Aflac said the hackers used 'social engineering' tactics to breach their network, manipulating employees to gain access to a company system and often posing as tech support workers over the phone — a trademark of Scattered Spider. All three of the major hacks are consistent with methods used by Scattered Spider, sources told CNN. Montri – In the past, these hackers have posed as company help desk staffers to obtain credentials from employees or tricked workers into installing tools on their devices that will hand over network access, according to the US Cybersecurity & Infrastructure Security Agency. Scattered Spider is believed to be made up of teens and young adults in the US and UK and is known for aggressively extorting victims. Its members recently targeted Marks & Spencer and other UK retailers, and famously carried out a hacking spree across Las Vegas casinos in September 2023. Cybersecurity executives have sounded the alarms over the group's attack on the US insurance industry, warning companies to tell their employees to be wary of suspicious phone calls. Aflac did not mention Scattered Spider by name in its press release.
