Aflac, one of the largest insurance companies in the United States, says hackers stole an unknown quantity of its customers’ personal information from its network during a cyberattack earlier this month.
The insurance giant confirmed Friday in a legally required filing with the U.S. Securities and Exchange Commission that the company identified hackers in its system on June 12 and contained the incident. Aflac, which provides supplemental insurance to individuals whose expenses are not covered by their primary providers, said it was not yet known how many customers are affected by the data breach but that the personal data includes customers’ claims, such as Social Security numbers and health information.
The breach also included data from Aflac’s beneficiaries, employees, and agents, the company said.
Aflac said its systems were not affected by ransomware, but attributed the breach to an unspecified cybercrime group known to be targeting the U.S. insurance industry. According to its Friday press release, Aflac said the hackers used social engineering tactics to break into its network.
An Aflac spokesperson, who did not provide their name, declined to answer TechCrunch’s questions when reached by email on Monday.
Aflac, which has around 50 million customers per the company’s website, is the latest U.S. insurance company to experience a cyberattack in recent weeks, amid warnings that hackers are targeting the wider insurance industry.
John Hultquist, the chief analyst for Google’s threat intelligence unit, said last week that the unit was “aware of multiple intrusions” in the U.S. that bear the hallmarks of activity linked to Scattered Spider, a loose-knit collective of hackers and tactics that rely on social engineering tactics and sometimes threats of violence to target company help desks and call centers in order to gain access to their networks.
The hackers are also reportedly behind the recent intrusions at Erie Insurance and Philadelphia Insurance Companies, which disclosed cyberattacks this month, with disruption ongoing.
The hackers linked to Scattered Spider attacks are known to be financially motivated and have been previously linked to cyberattacks and intrusions at tech giants, casinos, and hotels, and recent data breaches across the U.K. and U.S. retail sector.
