Aflac Cyberattack Exposes Customers’ Personal Data: What We Know

🧨 Overview of the Incident

On June 12, 2025, Aflac’s U.S. network detected malicious activity linked to a sophisticated cybercrime group, likely the notorious "Scattered Spider," known for intricate social-engineering tactics. Within hours, Aflac successfully halted the intrusion, and systems remained fully operational with no ransomware deployed.

🔐 Compromised Data

Aflac has warned that the breach may have exposed sensitive personal information, including

• Social Security numbers
• Insurance claims
• Health and medical records
• Personal data of customers, employees, agents, and beneficiaries

The investigation remains ongoing, and the exact number of affected individuals has not been disclosed.

👥 Who Is Behind the Attack?

The intrusion bears the hallmarks of Scattered Spider, a cybercrime collective that uses social engineering—often masquerading as tech-support—to deceive employees and gain internal access. The group has recently targeted Erie Insurance and Philadelphia Insurance Companies in similar breaches.

🏛️ Aflac’s Response

• Intrusion halted swiftly, within hours on June 12.
• Full operations maintained, with no ransomware infection.
• Engaged third-party cybersecurity experts to investigate.
• Offering 24 months of complimentary credit monitoring, identity theft protection, and their Medical Shield service to impacted individuals.
• Will notify regulators and affected parties as required.

🚨 Broader Industry Patterns

This is the latest in a string of recent breaches in the insurance and retail sectors—including Erie Insurance, Philadelphia Insurance, UnitedHealth/Change Healthcare, and prominent UK retailers.

Experts report a 44% increase in global cyberattacks last year, with AI-enabled tools enhancing attack sophistication.

✅ What Customers Should Do

1. Monitor your credit for unusual activity.
2. Consider free membership in the identity-theft protection plan offered by Aflac.
3. Stay alert for phishing calls or emails pretending to be Aflac support.
4. Enable multi-factor authentication (MFA) anywhere your data is used.

🔧 How Adaptive Can Help

Adaptive provides cutting-edge cybersecurity solutions designed specifically to address sophisticated threats like those used by "Scattered Spider." Our platform uses advanced threat detection, real-time monitoring, and proactive threat mitigation to protect businesses from data breaches and cyberattacks. By leveraging AI-driven analytics, Adaptive helps identify vulnerabilities, strengthens security protocols, and reduces the risk of human error through ongoing training and awareness programs.

🔍 Final Take

This breach is a stark reminder that even secure, well-managed systems can be compromised through human weakness. As Aflac navigates this crisis, the incident underscores both the growing frequency of cyberattacks in the financial-services sector and the critical need for ongoing employee vigilance and protection services.

If you’re an Aflac customer, be sure to sign up for their offered identity protection services and consider adding your information to credit-monitoring platforms like “Have I Been Pwned” to catch misuse quickly.