Aflac Investigates Data Breach by Scattered Spider Hacking Group

Coin WorldMonday, Jun 23, 2025 3:15 am ET

1min read

Aflac, a prominent American insurance company, has been targeted by a sophisticated hacking group, potentially putting the personal and medical data of its customers at risk. The company is currently investigating a breach on its US network, which exhibits characteristics consistent with the hacking collective known as the Scattered Spider. This group, also referred to as “UNC3944,” is believed to be composed mostly of young adults based in the US and the UK. They are known for several high-profile breaches, including those targeting Visa, Marks & Spencer, and PNC Financial Services Group Inc.

Aflac spokesperson stated that the firm is still in the early stages of reviewing the attack and has not yet disclosed information relating to the number of affected customers or the duration of the investigation. Aflac offers accident and pet insurance plans in the US and Japan to its 50 million users, and the breach may have exposed customers’ personal information, including Social Security numbers and health-related information.

Steve Cagle, CEO at healthcare security firm Clearwater, noted that Scattered Spider’s specialty seems to be social engineering techniques, such as tricking help desks into resetting credentials and bypassing multi-factor authentication. The group is also known for being expert SIM swappers, a tactic where a hacker takes control of a target’s mobile phone plan to receive their 2FA (two-factor authentication) codes and log in to their accounts. Noah Michael Urban, a member of the group, was recently ordered to pay back $13.2 million to 59 victims after being charged with masterminding a SIM swapping scheme. Urban is currently facing 20 years in federal prison on each wire fraud charge.

Ask Aime: How does Aflac's data breach impact customer trust and insurance markets?

This incident underscores the growing vulnerabilities in the insurance industry, as threat groups like Scattered Spider increasingly target insurers. The use of social engineering tactics to gain access to internal networks highlights the need for enhanced cybersecurity measures and vigilance within the industry. As the investigation continues, Aflac remains committed to protecting its customers' data and ensuring the integrity of its operations. The company is prioritizing transparency and customer care, offering free credit monitoring, identity theft protection, and 24 months of medical shield services to customers who contact their call center. Aflac has also reported the incident to relevant authorities and is working diligently to mitigate any potential impact on its customers.

Comments

﻿

Add a public comment...

No comments yet

Disclaimer: The news articles available on this platform are generated in whole or in part by artificial intelligence and may not have been reviewed or fact checked by human editors. While we make reasonable efforts to ensure the quality and accuracy of the content, we make no representations or warranties, express or implied, as to the truthfulness, reliability, completeness, or timeliness of any information provided. It is your sole responsibility to independently verify any facts, statements, or claims prior to acting upon them. Ainvest Fintech Inc expressly disclaims all liability for any loss, damage, or harm arising from the use of or reliance on AI-generated content, including but not limited to direct, indirect, incidental, or consequential damages.