
Aflac Hit by Cyberattack: What You Need to Know About the Breach
In a troubling development for the insurance sector, Aflac has publicly disclosed a significant cybersecurity breach, confirming that sensitive data may have been accessed by a sophisticated and unidentified cybercrime group.
Aflac is one of the largest providers of supplemental insurance in the United States, serving millions of policyholders, and the incident has raised serious alarms among stakeholders, customers, and cybersecurity professionals alike.
The company has detailed the cyber incident in a press release.
The breach is yet another reminder of the growing vulnerabilities within the financial and healthcare-related sectors, both of which are increasingly targeted by threat actors.
What Happened?
On June 12, 2025, Aflac’s internal cybersecurity systems flagged suspicious activity occurring within its U.S. operations. Acting swiftly, the company activated its incident response protocols and was able to contain the intrusion within hours.
According to the insurer’s statement, ransomware was not deployed, and there was no disruption to ongoing business operations. The breach, however, did involve unauthorized access to sensitive information housed on the company’s network.
How the Aflac Breach Occurred
The method of intrusion has been attributed to social engineering. Although Aflac has not officially named the attackers, cybersecurity analysts and experts strongly suspect the involvement of the group known as Scattered Spider. This group has gained notoriety for posing as tech support personnel and leveraging trust to gain deep access into corporate infrastructures.
Was a Third Party Involved?
The breach did not involve a third-party provider. The attackers used social engineering tactics to infiltrate the company’s network.
The similarity of this breach to others attributed to Scattered Spider, especially in terms of tactics and targeted industry, has led many in the cybersecurity community to view it as part of a coordinated offensive against the insurance sector.
Scattered Spider threat actor card by SOCRadar
SOCRadar’s Dark Web Monitoring module continuously tracks emerging threats and threat actor activities, helping organizations stay informed and prepared. If you want to learn more about the tactics and past operations of the Scattered Spider threat actor group, visit our article Dark Web Profile: Scattered Spider.
What Data Was Compromised in the Aflac Breach?
The preliminary findings suggest that the attackers accessed an expansive range of Personally Identifiable Information (PII). The compromised files potentially include:
- Health insurance claims and medical-related data
- Social Security numbers (SSNs)
- Personal data associated with customers, beneficiaries, employees, agents, and potentially other associated individuals
At this time, Aflac is still reviewing the total number of affected parties and the exact nature of the data exposed. This evaluation is expected to take time due to the breadth and complexity of the data stored across Aflac’s systems.
Aflac’s Immediate Response and Mitigation Steps
Aflac acted quickly to mitigate any further damage once the intrusion was detected. In the aftermath, the company has:
- Partnered with leading third-party cybersecurity experts to conduct a comprehensive forensic investigation
- Set up a dedicated customer assistance call center operational throughout June
- Offered 24 months of complimentary services, including credit monitoring, identity theft protection, and Medical Shield coverage for those potentially impacted
Additionally, Aflac reiterated that all core business functions, including claims processing and policy underwriting, remain fully operational and secure.
Industry-Wide Implications
The breach of Aflac’s network aligns with a troubling trend of cyberattacks directed at the insurance industry. Security analysts from Google’s Threat Intelligence Group (GTIG) have identified a series of similar intrusions across the U.S., with attackers targeting entities that manage sensitive financial and medical data. These patterns highlight a strategic focus by threat groups on industries that yield high-value data with minimal resistance.
The attack on Aflac is now seen as part of a larger campaign, where insurance firms are being targeted not just for financial extortion, but also for the vast quantities of exploitable data they manage.
Why the Insurance Sector Is Under Siege
Insurers operate as central repositories of sensitive data: health histories, financial details, Social Security numbers, and much more. Unlike breaches in some other industries, a breach at an insurer can simultaneously compromise policyholders, agents, and even internal employees. Because a single intrusion can expose so many groups at once, insurance companies are appealing, high-value targets for cybercriminal operations.
In addition, insurers often interact with other healthcare and financial institutions, further amplifying the potential damage from a successful breach.
What Customers Should Do Now
Anyone who has interacted with Aflac, whether as a policyholder, beneficiary, or employee, should take proactive measures:
- Enroll in the 24-month protection services offered by the company
- Regularly monitor bank accounts, insurance claims, and credit reports for signs of fraud or unusual activity
- Remain cautious about unsolicited communication asking for personal information, which could be follow-up phishing attempts
Timely action can significantly reduce the risks of long-term identity theft or financial fraud.
Aflac has pledged full transparency as investigations continue. You can read the official statements through Aflac’s newsroom and filings with the U.S. Securities and Exchange Commission.