Aflac says it stopped attack launched by ‘sophisticated cybercrime group’

Insurance company Aflac said a “sophisticated cybercrime group” breached its systems and may have stolen data during an attempted ransomware attack.

The Georgia-based company published a statement and notified the Securities and Exchange Commission (SEC) on Friday, explaining that the incident was initially identified on June 12.

The intrusion was stopped “within hours” and no business functions were affected by ransomware, Aflac said. But the company admitted that there were files stolen during the incident and said officials are determining the total number of affected individuals. 

The potentially impacted files contain information on claims, health information, Social Security numbers and other personal data of “customers, beneficiaries, employees, agents, and other individuals in its U.S. business.” The company said it can still “underwrite policies, review claims, and otherwise service our customers as usual.”

Aflac did not respond to requests for comment but explained in a press release that the attack is something “many insurance companies are currently experiencing.”

“This was part of a cybercrime campaign against the insurance industry,” the company said, adding that the hackers “used social engineering tactics to gain access to our network.”

A source working with Aflac on the incident explained that the threat actors did not identify themselves, but the characteristics of the attack bear the hallmarks of Scattered Spider, a loosely affiliated group of English-speaking cybercriminals known for gaining access to major companies by posing as IT workers.

Google warned earlier this week that Scattered Spider had recently shifted from attacking large retail companies to targeting the insurance industry.

Erie Insurance and the Philadelphia Insurance Companies each published notices this week about cyberattacks. A major Swedish insurance firm also was allegedly attacked by cybercriminals this week who took down the company’s website.  

Charles Carmakal, the chief technology officer of Mandiant, previously told Recorded Future News that there is more than one U.S.-based insurance company that has been attacked and noted that the targeting of the insurance industry began around a week and a half ago. 

“Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers,” said John Hultquist, chief analyst at Google.

Last week, Google published a report about Scattered Spider tricking companies into giving them widespread access to a popular Salesforce tool, allowing them to steal sensitive data and move through other parts of the organizations.

Aflac created a phone line for those concerned that their data may have been accessed and is providing two years of identity theft protection to anyone who calls. 

In 2023, Aflac reported a data breach in Japan that affected 1.3 million customers holding cancer-related insurance policies. 

Aflac is one of the largest insurance companies in the U.S. and Japan, reporting a total 2024 revenue of $18.9 billion. In the SEC filing, the company said the “full scope and potential ultimate impact” on their finances is unknown. 

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.