In June, Aflac, the American insurance giant, announced a large-scale data breach. This alarming event has understandably raised red flags for the bank’s consumers. Hackers gained access to the company’s systems and stole sensitive personal and health information, impacting nearly 22.65 million people. As a result of the breach, Aflac is required to notify individuals affected and report to attorney generals in Texas and Iowa.
The data stolen in this breach includes a wide variety of personal information. Those customers had sensitive personal information leaked as well. This included their full names, dates of birth, residences, government IDs—including passports and state ID cards—drivers’ license numbers, Social Security numbers, and health insurance information.
Aflac has since acknowledged the breach. Yet the company has failed to disclose how many victims there are, which has left millions of its customers still worried about their data’s exposure. And with approximately 50 million customers, the potential scale of this incident is massive. This puts Aflac in the company of a number of other insurance companies who’ve been hit hard by recent cyberattacks.
In both cases, experts now suspect a hacking group known as Scattered Spider to be responsible for the breach. They are taking their fight against the insurance industry on a much broader level.
“This group may be affiliated with a known cyber-criminal organization; federal law enforcement and third-party cybersecurity experts have indicated that this group may have been targeting the insurance industry at large.” – Aflac
In the wake of this breach, Aflac began an outreach process informing individuals whose data was compromised. The company works hand-in-hand with the cybersecurity community to address the problem. Together, they are laying the groundwork for stronger safeguards that will better protect customers’ data in the future.
Depending on the company’s security measures, the extent of risk varies. This incident raises serious doubts about the security measures that Aflac had in place. It underscores the weaknesses lurking in the broader insurance industry. Stakeholders are understandably demanding more robust security measures to protect from future breaches.
