Edward Kiledjian's Threat Intel

Aflac Cyberattack Exposes Sensitive Customer Data in Wave of Insurance Industry Breaches

Aflac confirmed a cybersecurity incident on June 12, 2025, involving unauthorized access to its U.S. systems, potentially exposing personal data including Social Security numbers, health records, and claims information. The attack was not ransomware-related and was contained within hours, with no impact on business operations. While the company has not confirmed attribution, cybersecurity researchers suggest the incident may be linked to Scattered Spider, a group known for targeting the insurance sector using advanced social engineering tactics. Aflac has retained third-party forensic experts and is offering up to 24 months of free identity protection and credit monitoring to affected individuals.

This attack is part of a broader surge in cyber threats targeting insurers, with recent similar incidents affecting Philadelphia Insurance and Erie Insurance. Security experts emphasize that such intrusions increasingly rely on social engineering rather than encryption or extortion. Aflac has not disclosed how many customers were affected, and the investigation remains ongoing. The event underscores the shifting nature of cyber risk in sectors handling sensitive personal data and the growing importance of proactive, layered defences.

www.strategicrevenue.com/aflac-hit…