A financially motivated threat actor, known as UNC6040, has been orchestrating a sophisticated...
Discovery & Immediate Containment
On June 12, Aflac detected unauthorized activity on its U.S. network and shut it down within hours—a response detailed in its June 20 SEC filing and press release. There was no ransomware involved, and core operations continued uninterrupted.
What Was Exposed? Sensitive Customer & Employee Data
Aflac cautions that files containing Social Security numbers, health records, claims data, employee and agent information may have been accessed. The full scale remains unknown, as the review process is ongoing.
The Culprit: Scattered Spider & Social Engineering
SEC filings and analyst insights point to Scattered Spider—a highly organized, English-speaking hacker group known for impersonating help‑desk staff. Their tactics often rely on credential theft rather than malware, breaching insurers in a coordinated campaign.
Response & Fallout: Legal Wrangling Begins
Aflac engaged top cybersecurity firms and set up a dedicated hotline offering 24 months of credit monitoring, Medical Shield, and identity theft protection. However, the company now faces at least 11 proposed federal class-action lawsuits alleging failures to safeguard personal data.
Broader Implications: What Travelers & Insurers Should Know
This breach is part of a broader cybercrime spree targeting insurers. Experts warn the insurance sector must strengthen defenses—especially around human-centered layers like voice authentication, AI detection of social engineering, and layered access controls. Consumers are advised to freeze credit, monitor statements, and enable multi-factor authentication.
SOURCE: https://www.axios.com/2025/06/20/aflac-insurance-data-breach-cybersecurity
