Cybercriminals breach Aflac as part of hacking spree against US insurance industry


Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.

With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider, people familiar the investigation tell CNN.

Read more…
Source: CNN News


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise

    May 13, 2026

    Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving ...

  • German Citizen Charged with Laundering Funds Linked to Prominent Darknet Marketplace “Dream Market”

    May 13, 2026

    Owe Martin Andresen, the suspected main administrator of Dream Market, one of the largest illicit darknet marketplaces before its 2019 shutdown, has been indicted for an alleged scheme to launder funds from Dream Market’s administrator accounts. Andresen was arrested last week in Germany on parallel charges brought by the German government. “Andresen allegedly channeled commissions earned ...

  • Stolen Canvas data was “returned” after hacker agreement, Instructure says

    May 12, 2026

    The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage. Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly. Which seems to have paid off. On the Instructure web page about the recent ...

  • Cache-poisoning caper turns TanStack npm packages toxic

    May 12, 2026

    An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral ...

  • Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools

    May 11, 2026

    Active Directory Certificate Services (AD CS) is a foundational component of Windows enterprise infrastructure, responsible for managing public key infrastructure (PKI) and issuing certificates that enable authentication and encryption across networks. Despite its critical role in the enterprise identity infrastructure, AD CS is often undermined by insecure default configurations and design complexities, resulting in exploitable ...

  • Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

    May 11, 2026

    Threat actors using AI is an unsurprising and even long-predicted developmentopen on a new tab. In a case in point, TrendAI™ Research has identified two emerging threat campaigns that used agentic AI to drive intrusion operations against government entities and financial organizations across several countries in Latin America. Though evidence suggests that the two groups are likely ...