Aflac Reports 22.6 Million Individuals Impacted by Earlier Cyber Incident

Aflac has revealed that its investigation into a cybersecurity incident, which was first discovered six months ago, has impacted over 22.6 million individuals.

The Columbus, Georgia-based health and life insurer announced earlier this month that it has begun notifying those affected. As of now, Aflac has not identified any fraudulent use of personal identifiable information and will continue to monitor the situation closely. The company determined on December 4 that the files potentially affected likely contained sensitive personal information, prompting the notifications.

In June, Aflac disclosed that it was investigating a breach on its U.S. network, which may have exposed customers’ personal information. The cyberattack was detected on June 12 and is believed to be linked to the cybercrime group known as Scattered Spider.

Following Aflac’s announcement, the Google Threat Intelligence Group issued an advisory indicating that Scattered Spider appeared to be shifting its focus from retail sectors to insurance companies. Both Erie Insurance and Philadelphia Insurance reported network outages around the same time. Erie announced in July that it had fully restored its business operations and found no evidence of a data breach. Just days earlier, Philadelphia confirmed it had restored its networks and stated that no ransomware event had occurred.

In its latest statement, Aflac emphasized that it promptly initiated an investigation with the assistance of third-party cybersecurity experts and notified federal authorities. The incident involved Aflac’s customers, beneficiaries, employees, agents, and other related individuals. Potentially accessed information includes names, contact details, claims information, health records, social security numbers, and other personal data.

“Importantly, the security incident was contained within hours; our systems were not affected by ransomware and remained operational,” Aflac stated.

Additionally, in June, Aflac faced a proposed class-action lawsuit in a Georgia federal court, which is still ongoing. Erie Insurance is also dealing with two class-action lawsuits related to its own cyber incident.

Topics
Cyber

Aflac has revealed that its investigation into a cybersecurity incident, which was first discovered six months ago, has impacted over 22.6 million individuals.

The Columbus, Georgia-based health and life insurer announced earlier this month that it has begun notifying those affected. As of now, Aflac has not identified any fraudulent use of personal identifiable information and will continue to monitor the situation closely. The company determined on December 4 that the files potentially affected likely contained sensitive personal information, prompting the notifications.

In June, Aflac disclosed that it was investigating a breach on its U.S. network, which may have exposed customers’ personal information. The cyberattack was detected on June 12 and is believed to be linked to the cybercrime group known as Scattered Spider.

Following Aflac’s announcement, the Google Threat Intelligence Group issued an advisory indicating that Scattered Spider appeared to be shifting its focus from retail sectors to insurance companies. Both Erie Insurance and Philadelphia Insurance reported network outages around the same time. Erie announced in July that it had fully restored its business operations and found no evidence of a data breach. Just days earlier, Philadelphia confirmed it had restored its networks and stated that no ransomware event had occurred.

In its latest statement, Aflac emphasized that it promptly initiated an investigation with the assistance of third-party cybersecurity experts and notified federal authorities. The incident involved Aflac’s customers, beneficiaries, employees, agents, and other related individuals. Potentially accessed information includes names, contact details, claims information, health records, social security numbers, and other personal data.

“Importantly, the security incident was contained within hours; our systems were not affected by ransomware and remained operational,” Aflac stated.

Additionally, in June, Aflac faced a proposed class-action lawsuit in a Georgia federal court, which is still ongoing. Erie Insurance is also dealing with two class-action lawsuits related to its own cyber incident.

Topics
Cyber