U.S. insurance giant Aflac has confirmed a massive data breach impacting approximately 22.65 million customers. The stolen information includes highly sensitive personal and health data, exposing individuals to potential identity theft and fraud.
Details of the Breach
According to filings with state attorneys general in Texas and Iowa, the compromised data includes:
- Customer names
- Dates of birth
- Home addresses
- Government-issued identification numbers (passports, state IDs)
- Driver’s license numbers
- Social Security numbers
- Medical and health insurance information
The breach was discovered in June, but the full extent of the impact was only recently disclosed. Aflac has begun notifying affected individuals.
Suspected Perpetrators: Scattered Spider
Evidence suggests the attack was carried out by Scattered Spider, a notorious hacking group known for targeting the insurance industry. This collective, comprised primarily of young English-speaking hackers, has been linked to numerous similar breaches. Law enforcement and cybersecurity experts believe Scattered Spider may have been systematically targeting insurers at the time of the attack.
Industry-Wide Risk
This incident highlights the increasing vulnerability of the insurance sector to cybercrime. Insurers hold vast amounts of sensitive customer data, making them attractive targets for financially motivated hackers. The breach raises concerns about data security practices within the industry and the potential for future attacks.
Aflac’s Response
Aflac has not yet responded to inquiries regarding the breach. The company serves around 50 million customers globally, meaning nearly half were affected by this incident.
The scale of this breach underscores the urgent need for stronger cybersecurity measures within the insurance industry. Customers should monitor their credit reports and take steps to protect their personal information following this exposure.
