
Massive Aflac breach exposed millions of SSNs and other data – get free protection today




ZDNET’s key takeaways

  • An Aflac breach impacted more than 22 million customers.
  • Stolen were Social Security numbers and other personal data.
  • Aflac is offering free credit monitoring and other services.

Most of us probably know Aflac from the funny quacking duck commercials. But what has happened to millions of the insurer’s customers is hardly a laughing matter, especially if you’re one of them.


On June 20, Aflac revealed that it was hit by a cyberattack staged by a sophisticated group as part of a wave of attacks against insurance companies. The firm noted that it became aware of the suspicious activity on June 12. At the time, Aflac said that it would conduct a review of the incident to determine what happened and who was affected. 

Now that review has been completed, here are the gory details.

Personal and sensitive data stolen

In its analysis, Aflac found that personal and sensitive data was stolen from some 22.65 million customers, beneficiaries, employees, agents, and others related to the company. The data included names, contact information, claims information, health information, and Social Security numbers. But not all of this data was compromised for everyone affected by the breach.

Though Aflac did not identify the culprit, the attack appears to have been staged by Scattered Spider, a notorious ransomware group that has painted a bullseye on the insurance industry. A July report from cybersecurity provider CrowdStrike revealed how the group uses social engineering, SIM swapping, remote access tools, and other tactics to steal data and hold it for ransom. 

If the money is not paid or the breach is contained, then Scattered Spider threatens to release the data publicly.


In June, just days before Aflac announced the attack, Google even warned that Scattered Spider was transitioning from its previous targets to insurance companies, as reported by CyberScoop.

“Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity,” John Hultquist, chief analyst at Google Threat Intelligence Group, said in an email at the time. 

“We are seeing incidents in the insurance industry. Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes, which target its help desks and call centers,” Hultquist said.

How to protect yourself

After learning of the incident in June, Aflac reset the passwords for all accounts that were potentially compromised. The company said that it also set up further monitoring to look for additional signs of suspicious activity. Aflac stressed that it is not aware of any fraudulent use of the stolen information, but customers will want to take certain actions to protect themselves.

First up, the insurer has called on healthcare monitoring service CyEx Medical Shield to provide free credit monitoring, identity theft protection, medical fraud protection, and customer support to customers for 24 months. 

To enroll in this service, call 1-855-361-0305 Monday through Friday from 9 am to 9 pm ET or Saturday from 9 am to 5:30 pm ET. But do not wait too long. The deadline to enroll is April 18, 2026.


Second, Aflac advises customers to beware of any attempts at identity theft or fraud. That means you need to review your reports, financial accounts, and insurance statements for any unusual activity.

Third and finally, the usual advice applies as always. 

Make sure you secure your accounts with strong passwords (or passcodes where available) and two-factor authentication. Look out for any phishing attempts through email, messaging, or websites. And ensure that your computer is protected with the right security software that can block malware and warn you of any suspicious files and activities.
