Latest news with #ErieInsurance
Tahawul Tech
24-06-2025
- Business
- Tahawul Tech
American based insurance giant suffers cyber breach
Cybercriminals recently breached U.S. insurance giant Aflac, potentially putting Social Security numbers, insurance claims and health information at risk. This incident marks the latest in a spree of targeted hacks against the U.S. insurance industry. With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider. 'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group', Aflac said in a recent statement, without naming Scattered Spider. Aflac said it 'stopped the intrusion within hours' after discovering it last week, that no ransomware was deployed, and that it continues to serve its customers. It was too early to tell, the company said, how much customer information may have been stolen, but the potential exposure is vast. Aflac is one of the largest providers of supplemental health insurance in the US for medical expenses that aren't covered by a primary provider. The hackers used 'social engineering' to worm their way into its network, according to Aflac. That tactic can involve duping someone into revealing security information to help gain access to a network. It's a hallmark of Scattered Spider attackers, who are known to pose as tech support to infiltrate big corporations. The loose group of cybercriminals is considered dangerous and unpredictable, in part because it is believed to be comprised of youths in the US and the UK known for aggressively extorting their victims. Scattered Spider shot to infamy in September 2023 when they were linked to a pair of multimillion-dollar hacks on famous Las Vegas casinos and hotels MGM Resorts and Caesars Entertainment. The hackers' tactics, and the way they target big swaths of American industries at a time, has cybersecurity executives pleading with companies to be wary of suspicious phone calls to their employees. Just last month, they were suspects in multiple cyberattacks on American retail companies. 'If Scattered Spider is targeting your industry, get help immediately,' said Cynthia Kaiser, who until last month was deputy assistant director of the FBI's Cyber Division and oversaw FBI teams investigating the hackers. 'They can execute their full attacks in hours. Most other ransomware groups take days'. Scattered Spider often registers web domains that look very much like trusted help desks that companies use for IT support, the cybersecurity firm Halcyon, where Kaiser now works, says in a forthcoming report. While concerns about Iranian cyber capabilities are in the news because of the Israel-Iran war, 'the threat I lose sleep over is Scattered Spider', said John Hultquist, chief analyst at Google's Threat Intelligence Group. 'They are already taking food off shelves and freezing businesses. The Iranian hackers may not even have Internet access, but these kids are in play right now'. Source: CNN Image Credit: Stock Image
Business Wire
23-06-2025
- Business
- Business Wire
The Aflac Breach Was Preventable — Token's Technology Proves It
ROCHESTER, N.Y.--(BUSINESS WIRE)-- Token, a revolutionary provider of secure, biometric identity protection solutions, announced that its technology is the industry's only available solution that could have prevented the serious data breach that Aflac confirmed on June 20, 2025. The Alflac breach possibly exposed customers' Social Security numbers, insurance claims, and personal health information and is considered to be the biggest breach in a growing wave of cyberattacks targeting the insurance industry. 'With billions in revenue and millions of customers, Aflac now joins a troubling list,' said Kevin Surace, Chair, Token. 'Erie Insurance and Philadelphia Insurance Companies were also hit this month, with major IT disruptions affecting customer services.' Share 'With billions in revenue and millions of customers, Aflac now joins a troubling list,' said Kevin Surace, Chair, Token. 'Erie Insurance and Philadelphia Insurance Companies were also hit this month, with major IT disruptions affecting customer services.' According to industry experts, sources close to the investigation say all signs point to Scattered Spider —a fast-moving, aggressive cybercrime group that's quickly becoming a top threat. The breach method relies on (and expects) legacy multi-factor authentication (MFA) — where SMS codes can be intercepted or relayed, and users can be tricked into approving authenticator app prompts during real-time phishing. These methods are easily manipulated and no longer offer protection. This type of hack requires little to no technical ability, and almost anyone who can create a simple spoofed webpage can execute this hack in minutes, leaving every company fully exposed today. Token Ring and Token BioStick leverage a combination of biometric ID (fingerprint) and proximity (using encrypted Bluetooth) to the specific device logging in to the actual registered application. Token stores a unique private key per site, secured by fingerprint. During login, it signs a one-time challenge from the real site's FIDO2 server, which verifies the signature and origin. If the origin doesn't match, the login is rejected — blocking phishing and spoofing outright. This stops real-time phishing because every credential is cryptographically locked to the exact web origin it was created for, and the authenticator will only sign a challenge that (a) comes from that origin and (b) is confirmed by a live fingerprint-match. A phisher can steal nothing re-usable and cannot trick the token into signing for the wrong site. If Aflac employees were using a Token product, the hack could not have occurred. Why the 'real-time relay' trick fails 1. User originally registered a Token device with the true site a. during the registration with the true site, public/private cryptographic key pair is negotiated which is required and validated during every subsequent passkey operation from that device to that site b. the serving site retains the public key which is used for further trusted communications with the private key on the device 2. Hacker pushes a phishing email to the victim. 3. Victim opens the phish page. The page's origin is 4. A sophisticated Phish page could potentially ask for Authentication for the true site not Browser passes rpIdHash = SHA-256(" to the token. Token Ring has no key for that hash ⇒ authentication fails. 5. Even if the Browser passes the true page name to the Token FIDO2 authenticator, the attacker's domain does not possess the cryptographic credentials for the true page to complete the authentication process with the private key on the device 6. Token Device has no identity for the incorrectly cyphered request ⇒ authentication fails - technically doesn't occur If the attacker tries to be very clever and relay the legitimate site's WebAuthn challenge through its proxy: The challenge was generated for the browser at the phish site still reports its own origin, so the signature the authenticator creates cannot be validated by the real server (rpIdHash mismatch). Expand Summary: Because Token products store a negotiated key pair per site and will only release a signature when: The site matches the domain the user is really visiting, and the domain has the secret key pair which matches the initial device registration, and The fingerprint sensor verifies the legitimate user. A remote adversary has no path to 'spoof the key' or 'forward the signature' the way they can with OTP codes or push-approval apps. Implemented correctly, FIDO2 offers true phishing-resistant MFA — and that's what makes biometric Token products orders of magnitude safer than legacy MFA. The fastest, most effective way to lock down your data and networks is to roll out Token Ring or Token BioStick across your workforce. Even if an employee falls for a phishing email, hackers still hit a dead end. Why? Because legacy MFA — like SMS codes and authenticator apps — is laughably easy to bypass. Hackers relay codes, spoof app prompts, and trick users every day. But Token's biometric FIDO2 authentication and proximity controls make that impossible. Credentials never leave the device, can't be replayed, and only work with a live fingerprint match and the right domain next to the actual device logging in. It's the difference between a padlock and a vault. About Token In a world of stolen identities and compromised user credentials, Token is changing the way our customers secure their organizations by providing passwordless, biometric, multifactor authentication. We deliver the next generation of multifactor authentication that is invulnerable to social engineering, malware, and tampering for organizations where breaches, data loss, and ransomware must be prevented. To learn more, visit
Yahoo
22-06-2025
- Business
- Yahoo
Customer data possibly leaked in Aflac cyberattack, the third insurance hack this month
Insurance company Aflac disclosed this week that cybercriminals breached its U.S. network and may have accessed customers' personal information, the latest in a string of cyberattacks on insurance companies announced this month. Aflac, which provides home and life insurance and manages data for more than 50 million policyholders, said in a June 20 federal regulatory filing it identified suspicious activity on its U.S. network on June 12. The company said it believes it stopped the intrusion within hours of identifying it, calling the attack part of a 'cybercrime campaign against the insurance industry.' The breach potentially impacted files containing customers' personal information, such as Social Security numbers and health-related details. Aflac said it is investigating the breach with the help of third-party cybersecurity experts and has not yet determined how many customers were affected. An Aflac spokesperson told Reuters that the characteristics of the incident were consistent with the hacking group Scattered Spider, which has a reputation for targeting multiple companies in a single industry in waves. More: This is how you stop online trackers from collecting your health data Latest Tech News: Is TikTok getting banned? Trump says he'll 'probably' extend deadline again It's the largest insurance provider yet to disclose a breach this month, after cyberattacks on Erie Insurance and Philadelphia Insurance Companies disrupted their network operations. Aflac said the attack did not affect its systems and it is able to continue providing services as usual while it responds to the security breach. Contributing: Reuters. Kathryn Palmer is a national trending news reporter for USA TODAY. You can reach her at kapalmer@ and on X @KathrynPlmr. This article originally appeared on USA TODAY: Aflac investigating data leak after cyber attack breach hack
Yahoo
21-06-2025
- Business
- Yahoo
Customer data possibly leaked in Aflac cyberattack, the third insurance hack this month
Insurance company Aflac disclosed this week that cybercriminals breached its U.S. network and may have accessed customers' personal information, the latest in a string of cyberattacks on insurance companies announced this month. Aflac, which provides home and life insurance and manages data for more than 50 million policyholders, said in a June 20 federal regulatory filing it identified suspicious activity on its U.S. network on June 12. The company said it believes it stopped the intrusion within hours of identifying it, calling the attack part of a 'cybercrime campaign against the insurance industry.' The breach potentially impacted files containing customers' personal information, such as Social Security numbers and health-related details. Aflac said it is investigating the breach with the help of third-party cybersecurity experts and has not yet determined how many customers were affected. An Aflac spokesperson told Reuters that the characteristics of the incident were consistent with the hacking group Scattered Spider, which has a reputation for targeting multiple companies in a single industry in waves. More: This is how you stop online trackers from collecting your health data Latest Tech News: Is TikTok getting banned? Trump says he'll 'probably' extend deadline again It's the largest insurance provider yet to disclose a breach this month, after cyberattacks on Erie Insurance and Philadelphia Insurance Companies disrupted their network operations. Aflac said the attack did not affect its systems and it is able to continue providing services as usual while it responds to the security breach. Contributing: Reuters. Kathryn Palmer is a national trending news reporter for USA TODAY. You can reach her at kapalmer@ and on X @KathrynPlmr. This article originally appeared on USA TODAY: Aflac investigating data leak after cyber attack breach hack
Forbes
21-06-2025
- Business
- Forbes
Aflac Data Breach By Scattered Spider Hackers Is No Quacking Matter
NEW YORK - FEBRUARY 25: The Aflac Duck rings the closing bell at the New York Stock Exchange on ... More February 25, 2010 in New York City. (Photo by) When you hear the name Aflac, you, probably like me, hear the quacking duck from their commercials. Unfortunately, however the recently announced data breach at Aflac is no quacking matter. Aflac disclosed on June 20th that it had suffered a data breach that may have compromised sensitive personal information held by the company, which offers a wide range of insurance products to millions of people. According to Aflac, it noticed suspicious activity on its networks on June 12th and is now in the early stages of investigating the extent of the data breach with the help of outside cybersecurity experts. Aflac's press release states that it did not find evidence of ransomware, but doesn't yet know the extent of the data breach which may include social security numbers and other sensitive information. It is believed that the data breach was the work of the infamous hacking group called Scattered Spider which focuses its efforts on one specific industry at a time, often using ransomware. The September 2023 ransomware attacks on MGM Resorts and Caesars Entertainment were attributed to Scattered Spider. Now, according to the Google Threat Intelligence Group, Scattered Spider is targeting the insurance industry. Earlier this month Erie Insurance suffered a data breach attributed to Scattered Spider. Google Threat Intelligence Group chief analyst John Hulquist warned 'Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes, which target their help desks and call centers.' Scattered Spider is thought to be made up of English-speaking Americans and British hackers. In 2024 four Americans and one British national were indicted on cybercriminal charges related to activities of Scattered Spider. Social engineering is the cornerstone of the crimes of Scattered Spider and, according to Aflac, was how their data breach was accomplished. The hackers of Scattered Spider have been known to call IT support posing as employees of the company they are targeting and convince the IT support staff to reset passwords or multi-factor authentication. Scattered Spider also attacks Managed Service Providers which are third-party companies that remotely manage the network and infrastructure systems for companies. Often these Managed Service Providers are a weak link in a company's security. Additionally, Managed Service Providers provide their services to many customers so breaching their security turns into one stop shopping for hackers targeting multiple companies. Alfac is offering free credit monitoring and identity theft insurance to its customers for two years. If you are an Aflac customer and wish to get those free benefits, you should call Aflac's Call Center at 1-855-0305. Potential victims of this data breach should also freeze their credit if they have not already done so. Freezing your credit is something everyone should do. It is free and easy to do. It protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze: Equifax TransUnion Experian Everyone also should monitor their credit reports regularly for indications of identity theft. The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own. Here is the only link to use to get your free credit report. Finally, be wary of anyone who calls you purporting to help you in regard to this or any other data breach who asks for personal information regarding a data breach as that is a favorite tactic of hackers to lure you into providing additional personal information that can lead to your becoming a victim of identity theft. Also, as always, never click on a link or download an attachment to an email or text message unless you have absolutely confirmed that it is legitimate and don't provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication was legitimate.
