Aflac, one of the nation's largest supplemental insurance providers, has disclosed a significant cyberattack that potentially exposed sensitive customer information, including health data and Social Security numbers.
The breach represents the latest in a series of sophisticated attacks targeting the insurance industry, highlighting the growing threat posed by organized cybercrime groups.
What Happened to Aflac?
On June 12, 2025, Aflac identified suspicious activity on its network and immediately initiated cybersecurity incident response protocols. According to the company's official statement, "We promptly initiated our cyber incident response protocols and stopped the intrusion within hours. Importantly, our business remains operational, and our systems were not affected by ransomware."
Despite the quick response, the investigation revealed that unauthorized parties may have accessed sensitive customer information. The company confirmed that "claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in our U.S. business, are among the potentially impacted files."
The attack was carried out using social engineering, a technique in which cybercriminals manipulate individuals into revealing security information or providing access to secure systems. Aflac described the incident as being "caused by a sophisticated cybercrime group" as part of "a cybercrime campaign against the insurance industry."
The Broader Insurance Industry Threat
Aflac's breach is not an isolated incident but part of a coordinated campaign targeting the insurance sector. Philadelphia Insurance Companies and Erie Insurance were hit by similar attacks earlier in June, causing widespread disruptions to their IT systems and customer services.
Security experts have linked these attacks to a cybercrime group known as Scattered Spider, a loose collective of young English-speaking criminals affiliated with a larger network called "The Com." This group has a track record of focusing on entire industries at once, creating waves of attacks that exploit similar systems and processes across the sector.
Cynthia Kaiser, former deputy assistant director of the FBI's Cyber Division, issued a stark warning about this group's capabilities. "If Scattered Spider is targeting your industry, get help immediately," she cautioned. "They can execute their full attacks in hours. Most other ransomware groups take days."
How Scattered Spider Operates
Scattered Spider has gained notoriety for their aggressive tactics and unpredictable behavior. The group shot to prominence in September 2023 when they orchestrated multimillion-dollar attacks on Las Vegas casinos MGM Resorts and Caesars Entertainment, causing widespread operational disruptions.
The group's modus operandi involves registering web domains that closely resemble trusted help desks used for IT support, making their deception more convincing. They then use these lookalike sites to conduct social engineering attacks, often targeting help desks and call centers where employees may be more susceptible to manipulation.
Recent intelligence indicates that Scattered Spider conducted a weeks-long attack campaign against retailers in the U.S. and U.K. before pivoting to the insurance industry. This pattern of sector-focused campaigns allows the group to develop specialized knowledge of industry-specific vulnerabilities and exploit them across multiple targets.
What Aflac Customers Should Do Immediately
If you are an Aflac customer, there are several important steps you should take to protect yourself from potential identity theft and fraud.
Contact Aflac's Dedicated Hotline
Aflac has established a dedicated call center to assist affected customers. You can reach it at 1-855-361-0305. The hotline opened on June 20 at 8:00 a.m. Eastern Time and operates during the following hours:
- Monday through Friday: 9:00 a.m. to 9:00 p.m. Eastern Time
- Saturday: 9:00 a.m. to 5:30 p.m. Eastern Time
- Sunday: 10:00 a.m. to 4:00 p.m. Eastern Time
The call center will remain available through the end of June, excluding major U.S. holidays.
Take Advantage of Free Protection Services
Aflac is offering comprehensive protection services at no cost to affected customers. According to the company, "Aflac is offering any individual who contacts its dedicated call center free credit monitoring and identity theft protection, and Medical Shield for 24 months."
These services can help detect unauthorized use of your personal information and provide assistance if identity theft occurs. The 24-month duration provides extended protection during the period when your information could potentially be misused.
Monitor Your Financial Accounts
Regularly check your bank accounts, credit card statements, and insurance accounts for any suspicious activity. Set up account alerts if available, so you're notified immediately of any transactions or changes to your accounts.
Review Your Credit Reports
Obtain free copies of your credit reports from all three major credit bureaus (Experian, Equifax, and TransUnion) through AnnualCreditReport.com. Look for any accounts or inquiries you don't recognize, which could indicate someone is using your information fraudulently.
Consider Placing a Credit Freeze
A credit freeze prevents new creditors from accessing your credit report, making it much more difficult for identity thieves to open new accounts in your name. You can place and lift freezes for free with all three credit bureaus.
Understanding the Risks of Health Data Exposure
The potential exposure of health information creates unique risks beyond typical financial identity theft.
Medical identity theft can result in fraudulent medical claims, incorrect information being added to your medical records, and difficulties obtaining healthcare or insurance coverage in the future.
Health data is particularly valuable to criminals because it includes detailed personal information that can be used for various types of fraud.
Unlike financial account numbers that can be changed, medical information and Social Security numbers are permanent, making their theft potentially more damaging long-term.
Legal Rights and Recourse
Customers whose information was compromised may have legal rights depending on the specific circumstances of their situation.
Data breach laws vary by state, but generally provide protections for consumers whose personal information is inadequately safeguarded by companies.
If you experience financial losses or other damages as a result of this breach, you may be entitled to compensation.
It's important to document any expenses related to monitoring your accounts, obtaining new identification documents, or addressing fraudulent activity.
Broader Cybersecurity Implications
The Aflac breach underscores the escalating threat that sophisticated cybercrime groups pose to American businesses and consumers.
The insurance industry's vast repositories of personal and financial data make it an attractive target for criminals seeking to profit from identity theft and fraud.
The fact that these attacks are being carried out by groups within the U.S. and U.K., rather than traditional overseas criminal organizations, presents unique challenges for law enforcement and cybersecurity professionals.
The domestic nature of these threats allows criminals to operate with greater familiarity with American business practices and security systems.
Prevention and Preparedness
While consumers cannot prevent companies from being targeted by cybercriminals, there are steps individuals can take to minimize their vulnerability and respond effectively when breaches occur.
Maintaining good cybersecurity hygiene, including using strong, unique passwords, enabling two-factor authentication where available, and being cautious about sharing personal information, can help reduce your overall risk profile.
Staying informed about data breaches affecting companies you do business with allows you to take protective action quickly when incidents occur. Many companies are required to notify customers of data breaches, but the notification timeline can vary significantly.
If you believe you've been harmed by a data breach or need assistance with identity theft issues, Baxley Maniscalco's experienced team can help evaluate your situation and protect your rights.