Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.
With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider, people familiar the investigation tell CNN.
Read more…
Source: CNN News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
January 26, 2026
Since 2023, Trend Micro researchers have been observing threat campaigns employing a previously unseen script-based command-and-control (C&C) framework which we named PeckBirdy, being used against Chinese gambling industries, as well as malicious activities targeting Asian government entities and private organizations. While tracking this framework, Trend Micro identified at least two campaigns using PeckBirdy, which we were ...
- Nike says it is investigating possible data breach
January 26, 2026
Nike says it is investigating a potential data breach, after a group known for cyber attacks reportedly claimed to have leaked a trove of data related to its business operations. “We always take consumer privacy and data security very seriously,” Nike said in a statement. “We are investigating a potential cyber security incident and are ...
- Researchers say Russian government hackers were behind attempted Poland power outage
January 23, 2026
A failed December effort to bring down parts of Poland’s energy grid was the work of Russian government hackers known for causing past energy disruptions, according to a security research firm that investigated the incident. Last week, Polish Energy Minister Milosz Motyka told reporters that the attempted cyberattack on December 29 and 30 saw hackers targeting ...
- ShinyHunters claims Okta customer breaches, leaks data belonging to 3 orgs
January 23, 2026
ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment. On Friday, the criminals leaked data allegedly stolen from market-intel broker Crunchbase, streaming platform SoundCloud, and financial-tech firm Betterment, and confirmed to The Register that they gained access to two of the three – Crunchbase ...
- Data of 72 million Under Armour customers appears on the dark web
January 22, 2026
When reports first emerged in November 2025 that sportswear giant Under Armour had been hit by the Everest ransomware group, the story sounded depressingly familiar: a big brand, a huge trove of data, and a lot of unanswered questions. Since then, the narrative around what actually happened has split into two competing versions—cautious corporate statements on ...
- A new LinkedIn phishing scam is targeting executives online
January 21, 2026
Business executives and IT admins are being targeted by a highly sophisticated phishing attack which doesn’t happen in the email inbox but rather – on LinkedIn. Security researchers ReliaQuest said they saw a new attack that combines legitimate Python pentesting projects, DLL sideloading, and fake job ads, to infect “high-value targets” with remote access trojans ...

