Aflac Inc., the Columbus-based insurance giant, disclosed on Friday that it suffered a cybersecurity breach as part of a sophisticated hacking campaign targeting the insurance sector. The cyberattack was detected last week and halted within hours, with Aflac confirming that its business operations remained unaffected and its systems were not compromised by ransomware.
The breach, discovered on June 12, involved unauthorized access to Aflac’s network through “social engineering tactics,” according to preliminary findings from third-party cybersecurity experts hired by the company. These tactics typically involve impersonating tech support or other external entities to trick employees into divulging security information or granting system access.
Aflac, which reported nearly $19 billion in annual revenue in 2024 and serves tens of millions of customers, emphasized that its services remain uninterrupted. “We can underwrite policies, review claims, and otherwise service our customers as usual,” the company stated.
The incident is part of a broader cybercrime spree affecting the insurance industry, with Erie Insurance and Philadelphia Insurance Companies also falling victim to similar hacks earlier in June. According to CNN, these breaches are consistent with the tactics of a cybercrime group known as Scattered Spider, known for infiltrating large corporations using social engineering methods.
While Aflac has not disclosed the specific details of the cybercrime group responsible, they acknowledged it was “a highly sophisticated and well-known group.” The company is currently investigating the breach with the help of cybersecurity experts.
The breach has raised concerns about the potential exposure of customer data, including Social Security numbers, insurance claims, or health information. Aflac has not confirmed whether any such data was stolen during the incident.
As the investigation continues, Aflac assures its customers that their services will remain unaffected. The company’s ability to underwrite policies, process claims, and serve its customers remains operational, providing continuity amidst the ongoing cybersecurity investigation.
