There is a general perception that a company operating at scale and robust in its operations would be equally well equipped with regard to cyber security. Unfortunately, that is not the case, even in a situation where cyber security has literally ripped off the roof. “Getting hacked is the new normal” is a truism which is being proven every day. Now we are hearing of breaches from the insurance sector. Of late, US insurance companies have been facing the flak. The company in question now is Aflac, one of the largest insurance companies in the US and Japan.
Aflac, a Fortune 500 company, is the largest supplemental insurance provider in the US, and was recently hit by a cyber security breach affecting its US network. Aflac said that, like many other insurance companies, it has been impacted by a cyber breach orchestrated by a sophisticated cybercrime group, without naming Scattered Spider. On June 12, 2025, Aflac detected a social-engineering cyber intrusion, which was halted within hours with no ransomware involved. If it was stalled by proactive measures after it was first noticed in the company’s system, then the company’s reaction is worthy of praise.
As per the standard convention, the company proclaims that though the investigation is in its preliminary stages, it has shared the preliminary findings in the spirit of transparency and care for customers. ‘Social media tactics’ were used to gain access. The breach potentially exposed sensitive data, including Social Security numbers and health and claims information of customers, employees, agents and beneficiaries. At this stage, the full scope of affected individuals remains undetermined. In general, companies lack resources on the cyber security expertise side, and government investigative agencies cannot take up such cases comprehensively, taking care of the total impact of the crime.
Aflac has engaged leading third-party cybersecurity experts to support its response to the incident. They will probe into the incident and have already started a review of potentially impacted files. The company is offering a dedicated call center, free credit monitoring, identity theft protection and Medical Shield for 24 months. The company faced a data breach in Japan in 2023 that affected 1.3 million customers holding cancer-related insurance policies. Reports suggest the current attack fits the patterns of the “Scattered Spider” hacker group, known for impersonating tech support and using phone-based social engineering.
IT SEEMS WE CAN NEVER GET OUR ACT TOGETHER IN TACKLING CYBER CRIMES.
Sanjay Sahay
Have a nice evening.