Aflac Confirms Massive Data Breach Affecting 22.6 Million Customers
U.S. insurance giant Aflac has officially confirmed that a recent cyberattack compromised the personal and health data of approximately 22.65 million individuals. The company, which initially disclosed a data breach in June without specifying the number of victims, has now begun notifying those affected by the extensive security incident.
The stolen information is highly sensitive, encompassing a wide range of personal identifiers. According to a filing with the Texas attorney general, the compromised data includes customer names, dates of birth, home addresses, government-issued identification numbers (such as passports, state ID cards, and driver's license numbers), Social Security numbers, and detailed medical and health insurance information.
In a separate filing with the Iowa attorney general, Aflac indicated that the cybercriminals responsible for the breach:
"may be affiliated with a known cyber-criminal organization; federal law enforcement and third-party cybersecurity experts have indicated that this group may have been targeting the insurance industry at large."
This statement strongly suggests a link to "Scattered Spider," an amorphous collective of primarily young, English-speaking hackers known for targeting the insurance sector around the time of the breach.
The incident highlights a broader vulnerability within the insurance industry, as Aflac was not the only company targeted during this period. Other insurers, including Erie Insurance and Philadelphia Insurance Companies, also reported data breaches around the same time.
Aflac, which states it serves around 50 million customers on its official website, did not respond to TechCrunch's request for comment regarding the breach details or the ongoing investigation.
