Insurance coverage big Aflac is notifying roughly 22.65 million people who their private data was stolen from its programs in June 2025.
The corporate disclosed the intrusion on June 20, saying it had recognized suspicious exercise on its community within the US on June 12 and blaming it on a complicated cybercrime group.
The corporate stated it instantly contained the assault and engaged with third-party cybersecurity specialists to assist with incident response. Aflac’s operations weren’t affected, as file-encrypting ransomware was not deployed.
Simply earlier than Christmas, the Columbus, Georgia-based firm introduced it had accomplished its investigation into the possibly compromised information and had began notifying the affected people.
“Primarily based on our assessment of doubtless impacted information, we’ve got decided private data related to roughly 22.65 million people was concerned,” the corporate stated.
The compromised data, the insurance coverage big says, contains names, addresses, Social Safety numbers, dates of delivery, driver’s license numbers, authorities ID numbers, medical and medical insurance data, and different information.
“The assessment of the possibly impacted information decided private data related to clients, beneficiaries, workers, brokers, and different people associated to Aflac was concerned,” Aflac stated in a notification (PDF) on its web site.
The corporate is offering the affected people with 24 months of free credit score monitoring, identification theft safety, and medical fraud safety companies.Commercial. Scroll to proceed studying.
Aflac says it’s not conscious of any of the stolen data being fraudulently used, however urges the impacted people to stay vigilant towards any identification theft and fraud makes an attempt.
The insurance coverage big didn’t identify the menace actor behind the information breach, however stated the incident was a part of a “marketing campaign towards the insurance coverage business”.
This means that the Scattered Spider hacking group may need been answerable for the intrusion, because it occurred across the identical time that Google’s Menace Intelligence Group warned that the gang was specializing in insurance coverage corporations.
Associated: Nissan Confirms Influence From Crimson Hat Information Breach
Associated: 3.5 Million Affected by College of Phoenix Information Breach
Associated: College of Sydney Information Breach Impacts 27,000 People
Associated: 113,000 Impacted by Information Breach at Virginia Psychological Well being Authority
