Aflac recently revealed that hackers stole its customers' data in a cyberattack. Details remain scarce, but the company says it "was caused by a sophisticated cybercrime group" that's targeting the insurance industry.
Aflac wrote in a (legally required) SEC filing that hackers gained access to its network on June 12 and that it "initiated its cybersecurity incident response protocols and believes that it contained the intrusion within hours." The company said it still did not know the scope of the incident but that potentially impacted information includes health info, social security numbers, personal information, and more. Crucially, the company reported that its "systems were not affected by ransomware."
Aflac wrote it was conducting a "review of potentially impacted files" and that it was "unable to determine the total number of affected individuals until that review is completed." In a press release on Friday, the company noted the hackers gained access via social engineering tactics, a common technique that's resulted in other big cybersecurity breaches.
"This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group," the press release read. "This was part of a cybercrime campaign against the insurance industry...The potentially impacted files contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in our U.S. business."
The company believes the attack was consistent with hacks from the group Scattered Spider, which is believed to be responsible for recent outages at Philadelphia Insurance Companies (PHLY) and Erie Indemnity, Reuters reported.
Aflac customers who may have been affected by the breach can contact the company for free credit monitoring and identity theft protection.
Topics Cybersecurity Privacy
