Insurance company Aflac announces that a 'sophisticated cybercriminal group' may have infiltrated its systems and stolen customer data; the culprit may be Scattered Spider, which targets specific industries

On June 20, 2025 local time, Aflac, the life insurance company known for its duck commercials, announced that it had detected a cyber attack by a 'sophisticated cybercrime group.' Aflac is currently investigating the extent of the damage caused by the cyber attack, but it is possible that personal information of customers may have been stolen.

Aflac Incorporated Discloses Cybersecurity Incident

https://www.prnewswire.com/news-releases/aflac-incorporated-discloses-cybersecurity-incident-302487036.html

Inline Viewer: Aflac Incorporated 8-K 2025-06-20
https://www.sec.gov/ix?doc=/Archives/edgar/data/0000004977/000000497725000128/afl-20250620.htm

Aflac says it stopped attack launched by 'sophisticated cybercrime group' | The Record from Recorded Future News
https://therecord.media/aflac-cyberattack-potential-data-breach

Aflac latest victim of 'sophisticated cybercrime group' • The Register
https://www.theregister.com/2025/06/20/aflac_scattered_spider/

Aflac discloses breach amidst Scattered Spider insurance attacks
https://www.bleepingcomputer.com/news/security/aflac-discloses-breach-amidst-scattered-spider-insurance-attacks/

On June 12, 2025, Aflac detected suspicious activity on its network in the United States. The company initiated its cyber incident response protocol and was able to halt the intrusion into its systems within hours. Aflac's systems themselves were not affected by the ransomware, so the company's operations continue and it appears that it continues to provide services to its customers while responding to the incident.

Aflac explained the cyberattack, saying, 'This attack, similar to those currently experienced by many insurers, was carried out by a sophisticated cybercrime group and is part of a growing cybercriminal campaign against the insurance industry.'

Aflac engages with leading third-party cybersecurity experts to assist in responding to security incidents. While the investigation into this cyberattack is still in its early stages, Aflac is prioritizing transparency and customer care, and has reported that 'preliminary investigations indicate that an unauthorized third party gained access to Aflac's network using social engineering techniques.'

Aflac reports that it is reviewing potentially affected files, but that the review is in the early stages and that it cannot determine the total number of affected individuals until the review is complete. Potentially affected files include claims information, health information, Social Security numbers and other personal information about customers, beneficiaries, employees, agents and other individuals associated with Aflac's U.S. operations.

While Aflac's team works to verify any potentially affected data, customers who contact its call center will receive free credit monitoring, identity theft protection and 24 months of medical shield services.

Technology media The Record reported that 'a source working with Aflac on the case described the attack as having characteristics that are characteristic of Scattered Spider, an English-speaking cybercrime group known for infiltrating large companies by posing as IT workers.'

Google warned in the beginning of the third week of June 2025 that 'Scattered Spider has recently switched its target from major retailers to the insurance industry.' In fact, American insurance companies Erie Insurance and Philadelphia Insurance announced notifications about cyber attacks in the third week of June.

Scania Financial Services, a major Swedish insurance company, also reportedly suffered a cyber attack in the third week of June, causing its website to go down.

🚨Data Breach Alert‼️

🇸🇪Sweden - Scania Financial Services

A threat actor using the alias 'hensi' claims to have breached the subdomain insurance.scania[.]com, seemingly gaining access to and exfiltrating a full set of files.

The actor states this is a first-time intrusion… pic.twitter.com/aPP09wSjhB

— Hackmanac (@H4ckmanac) June 12, 2025

'Multiple US-based insurance companies have been hit by cyber attacks, and the attacks on the insurance industry began about a week and a half ago,' Charles Carmack, chief technology officer at security firm Mandiant, told The Record.

'Given this attacker's focus on specific industries to date, the insurance sector should be particularly vigilant about social engineering tactics aimed at help desks and call centers,' said John Hultquist, principal analyst at Google.

Aflac also suffered a data breach in 2023 involving the data of 1.3 million customers with cancer insurance in Japan. Aflac is one of the largest insurance companies in the United States and Japan, with reported total sales of $18.9 billion (approximately 2.77 trillion yen) in 2024.