America’s leading supplemental insurance provider, Aflac, confirmed it detected a cyberattack on its U.S. network on June 12, and early investigation suggests customer data—including claims information, health records, and Social Security numbers—may have been exposed.

🔒 What We Know So Far

• Aflac detected suspicious activity on its U.S. network and stopped the breach within hours. No ransomware was found, and core operations continue uninterrupted.
• The attack was attributed to sophisticated social engineering tactics, likely tied to the Scattered Spider hacker group, which has targeted other insurers recently.
• Though the full impact is still under review, the compromised data likely includes claims, health information, Social Security numbers, and details of beneficiaries, employees, and agent.

🧠 Industry Context & Threat Profile

This breach is part of a broader cybercrime spree targeting insurance companies:

• Scattered Spider—known for social-engineering attacks—has also hit insurers like Erie Indemnity and Philadelphia Insurance.
• Experts warn that such human-driven intrusion tactics are increasingly dangerous, as they exploit employee trust rather than technical vulnerabilities.

🛡️ How Aflac Is Responding

• Partnered with leading third-party cybersecurity firms to investigate the breach.
• Offering 24 months of free credit monitoring, identity-theft protection, and Medical Shield services to those potentially affected.
• Launched a dedicated call center to help customers assess risk and enroll in protective services.

⚠️ What Customers Should Do

To stay safe, follow these critical steps:

1. Enroll in Aflac’s free credit and identity protection services.
2. Monitor your credit reports regularly via Equifax, Experian, and TransUnion.
3. Be alert for phishing or scam attempts pretending to be from Aflac.
4. Enable MFA on all online accounts.
5. Freeze your credit if you suspect your identity has been misused.

📉 Legal Action on the Horizon

Just days after Aflac’s disclosure, an Alabama law firm filed a class-action lawsuit, alleging Aflac was negligent in protecting customer data, failed to notify soon enough, and withheld full details of the breach.

📢 Final Take

This latest breach underscores the escalating cybersecurity risk facing U.S. insurers. As social-engineering attacks become more sophisticated, companies and consumers alike must remain vigilant and proactive.

If you’re an Aflac customer, your data may be at risk—so act now to enroll in protections, monitor your accounts, and consider extra measures like credit freezes.