Insurance brokers are watching closely after Aflac confirmed a cyberattack, the latest in a wave hitting major insurers across North America. The company disclosed that the breach, detected on June 12, was carried out by an “advanced cybercrime group” and may have exposed sensitive customer data. External cybersecurity firms are working alongside Aflac’s internal team to assess the extent of the intrusion, which was reportedly contained within hours.
Broker perspective: increased scrutiny, steady trust For brokers placing business with large carriers, the incident underscores the importance of rigorous digital security. Yet despite the concerns, many brokers say such breaches have become part of the operating landscape. “Bad actors attacking insurance companies is not new. This has happened, unfortunately, several times,” Dobbs said, referring to the CNA Financial breach. “Underwriters were using personal emails just to function.”
“We live in a world where bad actors are always going to go after wherever the richest treasure trove is. Insurance companies, all of them, will be that,” she added. The Aflac incident follows similar breaches reported by CNA and many others. These cases reflect a persistent focus on health insurers due to the high value of their data. “Keep in mind that they aggregate all of your health data. There’s a treasure trove of information for them to gather. Submitting fraudulent insurance claims is one of the most favored ways that bad actors can get money,” Dobbs explained.
In this instance, hackers appeared to target personal data for exfiltration rather than deploy ransomware. Social Security numbers and health records are among the data potentially exposed. Investigators believe the tactics align with those of Scattered Spider, a cybercriminal group known for social engineering and impersonation strategies.
Urgency Grows Around Cyber Defenses
These attacks are increasing pressure on carriers to invest in proactive cybersecurity measures. Brokers are also adjusting, encouraging clients to question not just pricing and coverage – but operational resilience. “This is kind of the norm of what we will continue to see going into the future. Pressure will just be put on companies to button up their security systems,” Dobbs said.
Aflac has begun notifying impacted individuals and relevant authorities. Its shares dropped 1.3% in premarket trading following the announcement. The scale of risk is reminiscent of last year’s breach at UnitedHealth, which compromised data from about 100 million Americans. For brokers, the trend affirms that evaluating insurers now goes beyond financial strength or claims service. “Insurance companies have to be on task 365 days a year. Bad actors only have to be lucky once,” Dobbs noted.
