Aflac stated Friday that cybercriminals breached its laptop techniques, doubtlessly exposing among the most private information — together with Social Safety numbers and well being care info — of an unknown variety of People and marking the newest in a current string of on-line assaults in opposition to insurance coverage corporations.
The Columbus, Georgia-based insurance coverage supplier stated that it detected suspicious exercise on its US networks, rapidly responded to it and managed to cease the net intruders “inside hours.” Aflac added that its enterprise stays operational and that its techniques weren’t contaminated with ransomware.
Aflac is the newest and largest insurance coverage firm to up to now be focused by cybercriminals. Philadelphia Insurance and Erie Insurance had been hit by cyberattacks this month and have but to renew full operations.
“This assault, like many insurance coverage corporations are at present experiencing, was attributable to a complicated cybercrime group,” Aflac said in a statement with out offering particulars to again that declare. “This was a part of a cybercrime marketing campaign in opposition to the insurance coverage trade.”
Aflac stated that it is working with exterior cybersecurity specialists to analyze the breach. It is within the strategy of figuring out which of its information had been doubtlessly compromised and the way many individuals could have been affected. The possibly affected information might embody buyer information like Social Safety numbers, insurance coverage claims, well being info and different private particulars. Details about Aflac’s workers, brokers and different folks concerned in its US companies may be compromised, the corporate stated.
Whereas that investigation continues to be in its early levels, Aflac stated it seems that the attackers gained entry to its networks by means of a social engineering assault, the place as a substitute of breaking into a pc system attackers will typically pose as somebody in authority, like an government or IT employee, to trick an worker into handing over their legit login credentials.
John Hultquist, chief analyst for Google’s Risk Intelligence Group, stated the current assaults in opposition to the insurance coverage corporations “bear all of the hallmarks” of the Scattered Spider cybercrime group, which has been tied to high-profile assaults in opposition to monetary providers, telecommunications and Las Vegas casinos and motels.
“Given this actor’s historical past of specializing in a sector at a time, the insurance coverage trade needs to be on excessive alert, particularly for social engineering schemes which goal their assist desks and name facilities,” Hultquist stated in a press release.
Whereas it is but to be decided precisely who has been affected and the way unhealthy the harm might be, Aflac has taken the unsual step of already providing to offer free credit score monitoring, id theft safety and Medical Defend protection for twenty-four months to prospects who contact its name middle at 855-361-0305.
Aflac is the biggest supplier of supplemental medical health insurance within the US and has a worldwide buyer base of about 50 million folks.
