Massive data breach sees 15m Americans' personal details stolen from major insurer
Aflac, one of the largest insurance company in the US, has over 50 million customers worldwide and around 15m in America.
The breach identified on June 12 was carried out by a yet unknown hacking group that accessed files containing Social Security numbers, health claims and other private data.
A 11 class-action lawsuits have been already filed against the company, accusing it of failing to protect user data.
Aflac confirmed the breach in a statement filed with the US Securities and Exchange Commission on Friday, noting that the incident affected customers, beneficiaries, employees and agents.
The company has not shared how many people were affected.
'Our business remains operational, and our systems were not affected by ransomware,' said Aflac in a press release.
'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group.'
Aflac, one of the largest insurance company in the US has over 50 million customers worldwide.
The breach was contained within hours, according to Aflac, but the company admitted the scope of attack remains under investigation.
The hackers performed the attack by manipulating individuals and sector-specific targeting into performing actions or divulging confidential information.
Unlike malware or brute-force attacks, these tactics rely on psychological manipulation rather than technical vulnerabilities.
This form of attack involves tricking employees, often help desk workers into revealing passwords or granting access, bypassing traditional security systems like firewalls.
Alfac has hired a third party cybersecurity experts to review the breach and assess the damage.
So far, the company says the data potentially accessed includes names, claims data, Social Security numbers, and health-related information.
Aflac said it is offering free credit monitoring and identity theft protection to affected individuals.
Alfac has hired a third party cybersecurity experts to review the breach and assess the damage.
Aflac reported the data potentially accessed includes names, claims data, Social Security numbers, and health-related information.
A dedicated call center was launched on June 20 to provide support and more details to those impacted by the incident.
The Aflac hack followed a coordinated series of attacks on insurers beginning June 7, starting with Erie Insurance and Philadelphia Insurance Companies.
The FBI has not commented publicly on the breach, but cybersecurity analysts suspect the attack was carried out by a group known as Scattered Spider.
This group operates under a larger cybercriminal network known as The Com, according to Cyberscoop.
The group, active since 2022, is known for attacking US companies in waves using identity-based tactics such as impersonating employees.
John Hultquist, chief analyst at Google's Mandiant Intelligence, said the insurance industry is currently facing a surge in targeted intrusions.
He noted the tactics used in the Aflac breach mirror recent attacks on Erie Indemnity and Philadelphia Insurance Companies.
'This was part of a cybercrime campaign against the insurance industry,' Aflac said in its press release.
'We regret that this incident occurred,' the company added, emphasizing its commitment to protecting customer data going forward.
Security experts warn that breaches like this can have long term consequences for victims.
With Social Security numbers and medical records exposed, individuals may at risk for fraud, scams or even medical identity theft.
Steve Cagle, CEO of Clearwater, a healthcare cybersecurity firm, said Scattered Spider is known for bypassing even multi-factor authentication by tricking help desk personnel.
'This group's specialty is identity-based tactics,' he noted.
Health and insurance records are among the most valuable data types on the black market, experts say.
Scattered Spider has been linked to past attacks on tech companies, casinos, and retailers in both the US and UK.
The group reportedly uses threats of violence and impersonation tactics to gain access to secure systems.
Cyberattacks across the globe rose 44 percent last year, according to a January report by Check Point Research.
The rise is attributed partly to advanced social engineering and the use of generative AI in phishing and impersonation attempts.
Aflac has joined other breached companies in notifying regulators and offering affected customers support and monitoring tools.
As investigations continue, more insurers are expected to come forward with disclosures of similar intrusions.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Independent
31 minutes ago
- The Independent
University of Virginia president resigned after ‘pressure campaign' from Trump admin to remove him from post
The president of the University of Virginia has resigned after facing pressure from the Justice Department over his institution's alleged failure to DEI values, according to reports. James Ryan submitted his resignation on Friday and posted an open letter on social media explaining the decision, saying he had made it 'with a very heavy heart' and that, while he is 'inclined to fight for what I believe in,' he could not 'make a unilateral decision to fight the federal government in order to save my own job.' His departure from the school he has served since 2018 will be effective 'no later than August 15,' The New York Times has since reported. The NYT first reported that the administration was trying to force Ryan out of his role on Thursday, a saga that began earlier this year when members of the UVA board alleged that it was not in compliance with Trump's January executive order banning organizations that receive federal funding from engaging in DEI hiring practices. The UVA's Board of Visitors voted unanimously to shut down its DEI offices in March but Harmeet Dhillon, who leads the Justice Department's civil rights division, went on to write to Ryan on April 28 notifying him about the complaints regarding his leadership. That was followed by another letter on June 17 that warned the administrator: 'Time is running short, and the department's patience is wearing thin.' Ryan's resignation letter last week made clear that he felt he faced an ultimatum: step down or cost the university millions of dollars in vital support. 'While there are very important principles at play here, I would at a very practical level be fighting to keep my job for one more year while knowingly and willingly sacrificing others in this community,' he wrote. Dhillon, who happens to be an alumna of the UVA School of Law, responded to his ousting by saying: 'The United States Department of Justice has a zero-tolerance policy toward illegal discrimination in publicly-funded universities. We have made this clear in many ways to the nation's most prominent institutions of higher education, including the University of Virginia. 'When university leaders lack commitment to ending illegal discrimination in hiring, admissions, and student benefits – they expose the institutions they lead to legal and financial peril. We welcome leadership changes in higher education that signal institutional commitment to our nation's venerable federal civil rights laws.' A spokesperson for the university said: 'UVA is committed to complying with all federal laws and has been cooperating with the Department of Justice in the ongoing inquiries. The federal government's support of the university is essential to continue the core mission of research, education and clinical care.' Two of the state's Democratic senators, Mark Warner and Tim Kaine, have since leapt to Ryan's defense, declaring in a joint statement: 'It is outrageous that officials in the Trump Department of Justice demanded the Commonwealth's globally recognized university remove President Ryan – a strong leader who has served UVA honorably and moved the university forward – over ridiculous 'culture war' traps. 'Decisions about UVA's leadership belong solely to its Board of Visitors, in keeping with Virginia's well-established and respected system of higher education governance. This is a mistake that hurts Virginia's future.' Warner also spoke up for Ryan on CBS's Face the Nation on Sunday morning, telling anchor Margaret Brennan: 'This is the most outrageous action, I think, this crowd has taken on education. 'Jim Ryan had done a very good job; just completed a major capital campaign. For him to be threatened, and, literally, there was indication that they received the letter that if he didn't resign on a day last week, by five o'clock, all these cuts would take place.' The Trump administration has shown an appetite for taking on America's elite Ivy League universities as centers of entitlement and liberal values, attacking both Harvard and Columbia in a very public manner, although its battle with UVA was conducted much more discreetly, a process enabled by internal conservative opposition to Ryan's tenure. Several members of UVA's board were appointed by the state's Republican governor Glenn Youngkin while the institution also has an outspoken right-leaning alumni organization known as the Jefferson Council, whose co-founder, Jim Bacon, has accused Ryan of 'indoctrinating' students by championing social justice and diversity. Ross Mugler, acting CEO and board chair of the Association of Governing Boards of Universities and Colleges, warned: 'The situation at the University of Virginia represents a serious escalation in the political pressure campaign against higher education – and a clear signal that this fight is not confined to elite private institutions like Harvard or Columbia. 'What we're seeing is a widening effort to reshape governance, leadership and institutional autonomy across the entire sector – including public universities that serve as civic anchors and engines of opportunity in their states.'
Telegraph
34 minutes ago
- Telegraph
Microsoft to cut 9,000 jobs as chatbots take over
Microsoft is cutting 9,000 jobs as executives order staff to delegate more work to artificial intelligence (AI). The $3.6 trillion (£2.7 trillion) technology giant will shed 4pc of its workforce, it confirmed on Wednesday, with redundancies hitting divisions including its Xbox arm and King, its mobile games studios. The job losses follow a round of cutbacks in May, when Microsoft laid off 6,000 staff including hundreds of middle-managers and engineering roles. The technology business had more than 228,000 employees at the end of its last fiscal year. 'We continue to implement organisational changes necessary to best position the company and teams for success in a dynamic marketplace,' a Microsoft spokesman said. The cuts come after Satya Nadella, Microsoft's chief executive, claimed that up to 30pc of the company's code was now being written by AI bots. Executives have been pushing staff to adopt more AI tools to speed up their work. Julia Liuson, the president of Microsoft's developer division, recently told managers to consider whether an employee was using AI enough as part of their performance reviews, according to Business Insider. 'Using AI is no longer optional,' she said in an email. 'It's core to every role and every level. AI should be part of your holistic reflections on an individual's performance and impact.' Threat to entry-level jobs The job cuts come amid growing fears that entry-level and engineering roles risk being replaced by AI bots. Tools such as ChatGPT can write emails or reports in plain English, generate code or create graphics and pictures. While tech executives have promised AI will help create more jobs than it destroys, there are already signs that some roles are disappearing from the jobs market. Software vacancies have fallen sharply since ChatGPT was released in November 2022. Executives are increasingly demanding programmers augment their roles with AI bots that can generate code themselves.
The Independent
43 minutes ago
- The Independent
Microsoft cuts another 9,000 roles in latest jobs cull
Microsoft is cutting about 9,000 jobs worldwide in the latest round of staff cuts as the US technology giant looks to slash costs. It is understood the job losses will impact less than 4% of its total workforce. A company spokesman said: 'We continue to implement organisational changes necessary to best position the company and teams for success in a dynamic marketplace.' It marks the biggest jobs cull since early 2023 when the company cut 10,000 workers – almost 5% of its workforce at the time – amid a move in the wider tech sector to scale back expansion seen during the pandemic. The latest cuts are thought to impact different teams and country operations as part of efforts to cut layers of management. The company's gaming business is among areas where Microsoft will 'end or decrease work', according to an internal memo. 'To position gaming for enduring success and allow us to focus on strategic growth areas, we will end or decrease work in certain areas of the business and follow Microsoft's lead in removing layers of management to increase agility and effectiveness,' Phil Spencer, Microsoft's chief executive of gaming, said. The cuts come after Microsoft axed around 6,000 roles in May and some 1,000 in January. Microsoft employed 228,000 full-time workers as of last June, the last time it reported its annual headcount. About 55% were in the US.
