Aflac, one of the largest U.S. insurance providers, disclosed on June 20, 2025, that it was the target of a sophisticated cyberattack on June 12. This incident is part of a broader cybercrime spree specifically targeting the insurance industry, with recent similar breaches at Erie Insurance and Philadelphia Insurance Companies.
Nature and Scope of the Attack
The attackers used social engineering tactics, such as impersonating tech support, to deceive employees and gain access to Aflac’s systems. This approach is consistent with the techniques of the cybercriminal group known as Scattered Spider, though Aflac has not officially confirmed the group’s involvement. Aflac reported that the breach was detected and contained within hours, and no ransomware was deployed. The company’s core systems remain operational, and there has been no disruption to underwriting, claims processing, or customer service.
The review is ongoing, but Aflac acknowledged that files potentially accessed by the attackers include claims information, health records, Social Security numbers, and other personal data related to customers, employees, beneficiaries, and agents.
Industry Context
The attack on Aflac is part of a wave of cyber intrusions affecting the insurance sector, with researchers and the FBI noting a surge in sophisticated attacks using similar methods. Scattered Spider, a loosely organized group believed to consist of young hackers from the U.S. and U.K., has previously targeted major corporations using aggressive social engineering and extortion tactics. They were also linked to the high-profile 2023 breaches at MGM Resorts and Caesars Entertainment.
Company Response and Next Steps
Aflac has engaged third-party cybersecurity experts to investigate and is reviewing the extent of the data compromised. The company cannot yet determine how many individuals were affected. Aflac plans to notify regulators and will send breach letters to affected individuals. Impacted parties will be offered free credit monitoring and identity theft protection services.
The company emphasized that it continues to serve customers and that all core insurance functions remain fully operational.
