Aflac’s buyer information has been breached within the newest cyberattack on the US insurance coverage business – probably jeopardizing Social Safety numbers, insurance coverage claims and well being data, the corporate stated Friday.
It’s the biggest insurance coverage firm but to fall sufferer to a serious hacking, with tens of hundreds of thousands of consumers and a $55 billion market cap.
“This assault, like many insurance coverage firms are at present experiencing, was attributable to a complicated cybercrime group,” Aflac stated Friday.
Aflac — lengthy recognized for its quacking duck TV commercials — stated it’s unable to find out the whole variety of impacted people and the particular information stolen.
Its programs weren’t affected by ransomware, so it’s totally operational, and the corporate has engaged third-party cybersecurity specialists, Aflac added.
It stated it stopped the intrusion on June 12 hours after it observed suspicious exercise.
Erie Insurance coverage and Philadelphia Insurance coverage Firms have additionally reported hacks this month.
Each of these instances led to widespread disruptions throughout their IT programs.
All three of the foremost hacks are in step with methods utilized by a gaggle of younger cybercriminals often called Scattered Spider, sources aware of the investigation informed CNN.
Aflac stated the hackers used “social engineering” techniques to breach their community, manipulating workers to achieve entry to an organization system and sometimes posing as tech help employees over the cellphone — a trademark of Scattered Spider.
Previously, these hackers have posed as firm assist desk staffers to acquire credentials from workers or tricked employees into putting in instruments on their units that can hand over community entry, in keeping with the US Cybersecurity & Infrastructure Safety Company.
Scattered Spider is believed to be made up of teenagers and younger adults within the US and UK and is understood for aggressively extorting victims.
Its members just lately focused Marks & Spencer and different UK retailers, and famously carried out a hacking spree throughout Las Vegas casinos in September 2023.
Cybersecurity executives have sounded the alarms over the group’s assault on the US insurance coverage business, warning firms to inform their workers to be cautious of suspicious cellphone calls.
Aflac didn’t point out Scattered Spider by identify in its press launch.
Keep forward of the curve with Enterprise Digital 24. Discover extra tales, subscribe to our e-newsletter, and be a part of our rising group at nextbusiness24.com
