Aflac mentioned Friday that cybercriminals breached its laptop methods, doubtlessly exposing among the most private information — together with Social Safety numbers and well being care data — of an unknown variety of Individuals and marking the most recent in a current string of on-line assaults in opposition to insurance coverage corporations.
The Columbus, Georgia-based insurance coverage supplier mentioned that it detected suspicious exercise on its US networks, shortly responded to it and managed to cease the net intruders “inside hours.” Aflac added that its enterprise stays operational and that its methods weren’t contaminated with ransomware.
Aflac is the most recent and largest insurance coverage firm to up to now be focused by cybercriminals. Philadelphia Insurance coverage and Erie Insurance coverage have been hit by cyberattacks this month and have but to renew full operations.Â
“This assault, like many insurance coverage corporations are at the moment experiencing, was attributable to a complicated cybercrime group,” Aflac mentioned in an announcement with out offering particulars to again that declare. “This was a part of a cybercrime marketing campaign in opposition to the insurance coverage business.”
Aflac mentioned that it is working with outdoors cybersecurity consultants to analyze the breach. It is within the means of figuring out which of its recordsdata have been doubtlessly compromised and the way many individuals could have been affected. The possibly affected recordsdata might embrace buyer information like Social Safety numbers, insurance coverage claims, well being data and different private particulars. Details about Aflac’s workers, brokers and different individuals concerned in its US companies may be compromised, the corporate mentioned.Â
Whereas that investigation remains to be in its early phases, Aflac mentioned it seems that the attackers gained entry to its networks by means of a social engineering assault, the place as a substitute of breaking into a pc system attackers will typically pose as somebody in authority, like an govt or IT employee, to trick an worker into handing over their official login credentials.Â
John Hultquist, chief analyst for Google’s Risk Intelligence Group, mentioned the current assaults in opposition to the insurance coverage corporations “bear all of the hallmarks” of the Scattered Spider cybercrime group, which has been tied to high-profile assaults in opposition to monetary providers, telecommunications and Las Vegas casinos and inns.Â
“Given this actor’s historical past of specializing in a sector at a time, the insurance coverage business needs to be on excessive alert, particularly for social engineering schemes which goal their assist desks and name facilities,” Hultquist mentioned in an announcement.Â
Whereas it is but to be decided precisely who has been affected and the way dangerous the injury could possibly be, Aflac has taken the unsual step of already providing to offer free credit score monitoring, id theft safety and Medical Protect protection for twenty-four months to clients who contact its name middle at 855-361-0305.
Aflac is the most important supplier of supplemental medical health insurance within the US and has a world buyer base of about 50 million individuals.
