Aflac could be the latest US insurance giant hit by a Scattered Spider cyberattack
Another major US insurance firm has been targeted by cybercriminals.
- Insurance giant AFLAC confirms it has been hit with a cyberattack
- The attack looks to have been by notorious Scattered Spider group
- Increasingly infamous group targeted multiple UK retailers earlier in 2025
AFLAC (American Family Life Assurance Company), has confirmed in a statement it has suffered a cyber ‘incident’ in which hackers intruded into its network.
AFLAC, the largest supplemental insurance provider in the US, says it was able to stop the intrusion ‘within hours’ and systems were not affected by ransomware.
Whilst AFLAC hasn’t confirmed the source of the breach or who was behind it, the breach exhibits all the signs of a Scattered Spider attack.
Save up to 68% on identity theft protection for TechRadar readers!
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
A wider campaign
The name Scattered Spider will sound familiar to lots of readers, especially given that the group is allegedly behind major and disruptive breaches of UK retailers Marks and Spencer and Co-op, as well as luxury department store Harrods.
Google recently warned the group was aiming its sights on US firms, and urged the US insurance sector to be on high alert for social engineering and credential stuffing attacks.
Insurance companies are particularly at risk as they hold vast amounts of personal data and turn huge profits which can be exploited for ransom.
“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry,” AFLAC’s statement stated.
“The potentially impacted files contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in our U.S. business. We remain committed to caring for and supporting our customers.”
Anyone who uses any services hit by this group (or affected by any data breach) should be very wary of any unexpected communications, looking out for social engineering attacks, and should check out the best identity theft protection software to keep safe.
AFLAC is also offering 24 months of free credit monitoring and identity theft protection services for customers who contact their hotline following the breach.
Via BleepingComputer
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for best antivirus software
- M&S and Co-op hacks publicly defined as a single attack - and could cost more than £400 million
