- Get link
- X
- Other Apps
Cybercriminals Breach Aflac in Hacking Spree Against US Insurance Industry
The US insurance industry is under siege, and the latest victim is none other than insurance giant Aflac. The company confirmed on Friday that it had been breached by cybercriminals, potentially exposing sensitive data like Social Security numbers, insurance claims, and health information.
With its substantial annual revenue and a vast customer base numbering in the tens of millions, Aflac represents the most significant target to date in this ongoing digital assault. The situation has the entire industry on high alert, with the FBI and private cybersecurity experts working feverishly to mitigate the damage.
Erie Insurance and Philadelphia Insurance Companies have also reported recent cyberattacks, causing widespread disruptions to their IT systems. According to sources familiar with the investigation, all three incidents bear the hallmarks of a notorious cybercrime group known as Scattered Spider.
Aflac acknowledged the attack in a statement, saying, “This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group.” The company emphasized that it "stopped the intrusion within hours" of discovery, that no ransomware was deployed, and that they continue to serve their customers.
Key Takeaways:
- Aflac confirms data breach potentially exposing sensitive customer information.
- Erie Insurance and Philadelphia Insurance Companies also recently targeted.
- Attacks attributed to the cybercrime group Scattered Spider.
- Aflac claims rapid containment and no ransomware deployment.
The full extent of the data breach is still being investigated, but the potential exposure is considerable, given Aflac's position as a leading provider of supplemental health insurance.
Social engineering was the method used by the hackers to infiltrate Aflac’s network. This tactic involves deceiving individuals into divulging sensitive security information, a signature move of Scattered Spider, who are known for impersonating tech support to gain access to corporate systems.
Scattered Spider: A Profile
- Considered a dangerous and unpredictable group.
- Believed to be comprised of youths in the US and the UK.
- Known for aggressive extortion tactics.
- Linked to multimillion-dollar hacks on MGM Resorts and Caesars Entertainment in September 2023.
The group's methods and the scope of their targets have prompted cybersecurity executives to urge companies to be vigilant about suspicious phone calls to their employees. They were also recently suspected of multiple cyberattacks on American retail companies.
Cynthia Kaiser, former deputy assistant director of the FBI’s Cyber Division, warned, “If Scattered Spider is targeting your industry, get help immediately. They can execute their full attacks in hours. Most other ransomware groups take days.”
The cybersecurity firm Halcyon, where Kaiser now works, notes that Scattered Spider often registers web domains closely resembling trusted IT support help desks.
According to John Hultquist, chief analyst at Google’s Threat Intelligence Group, Scattered Spider is a more immediate concern than even state-sponsored actors. “The threat I lose sleep over is Scattered Spider,” Hultquist stated. “They are already taking food off shelves and freezing businesses. The Iranian hackers may not even have Internet access, but these kids are in play right now.”
This latest wave of attacks serves as a stark reminder of the ever-present and evolving cyber threat landscape. Companies must remain vigilant, invest in robust cybersecurity measures, and train employees to recognize and report potential social engineering attempts. The speed and sophistication of groups like Scattered Spider demand a proactive and comprehensive defense strategy. It’s not just about protecting data; it’s about safeguarding the entire ecosystem of trust that underpins the digital economy.
Tags: Aflac breach, cyber attack, data theft, Scattered Spider, insurance hack, cybercrime, data breach, social security, health data, Erie Insurance
Source: https://edition.cnn.com/2025/06/20/tech/aflac-cyberattack
Comments
Post a Comment