CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Data Breaches

22 Million Affected by Aflac Data Breach

Hackers stole names, addresses, Social Security numbers, ID numbers, and medical and health insurance information from Aflac’s systems. The post 22 Million Affected by Aflac Data Breach appeared first on SecurityWeek.

Cyberinsurance

Insurance giant Aflac is notifying roughly 22.65 million people that their personal information was stolen from its systems in June 2025.

The company disclosed the intrusion on June 20, saying it had identified suspicious activity on its network in the US on June 12 and blaming it on a sophisticated cybercrime group.

The company said it immediately contained the attack and engaged with third-party cybersecurity experts to help with incident response. Aflac’s operations were not affected, as file-encrypting ransomware was not deployed.

Just before Christmas, the Columbus, Georgia-based company announced it had completed its investigation into the potentially compromised data and had started notifying the affected individuals.

“Based on our review of potentially impacted files, we have determined personal information associated with approximately 22.65 million individuals was involved,” the company said.

The compromised information, the insurance giant says, includes names, addresses, Social Security numbers, dates of birth, driver’s license numbers, government ID numbers, medical and health insurance information, and other data.

“The review of the potentially impacted files determined personal information associated with customers, beneficiaries, employees, agents, and other individuals related to Aflac was involved,” Aflac said in a notification (PDF) on its website.

The company is providing the affected individuals with 24 months of free credit monitoring, identity theft protection, and medical fraud protection services.

Aflac says it is not aware of any of the stolen information being fraudulently used, but urges the impacted individuals to remain vigilant against any identity theft and fraud attempts.

The insurance giant did not name the threat actor behind the data breach, but said the incident was part of a “campaign against the insurance industry”.

This suggests that the Scattered Spider hacking group might have been responsible for the intrusion, as it occurred around the same time that Google’s Threat Intelligence Group warned that the gang was focusing on insurance companies.

Related: Nissan Confirms Impact From Red Hat Data Breach

Related: 3.5 Million Affected by University of Phoenix Data Breach

Related: University of Sydney Data Breach Affects 27,000 Individuals

Related: 113,000 Impacted by Data Breach at Virginia Mental Health Authority

Latest News

CYBERNEWSMEDIAPublisher