Cybercriminals breach Aflac as part of hacking spree against US insurance industry


Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.

With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider, people familiar the investigation tell CNN.

Read more…
Source: CNN News


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Peruvian Peaks: The digital loan illusion

    January 21, 2026

    Crossing the Andes, we found ourselves in the digital valleys of Peru, where a new variation of the loan scam awaited us. Much like the schemes in Brazil, these operations played on hope and desperation, luring victims with promises of financial relief. The setup was so convincing that it seemed like help was just within ...

  • From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers

    January 19, 2026

    On December 8, 2025, Koi.ai published their findings about a campaign specifically targeting software developers through weaponized Visual Studio Code extensions. Here, Trend Micro will provide a more in-depth analysis of the multistage delivery of the Evelyn information stealer. Evelyn implements multiple anti-analysis techniques to evade detection in research and sandbox environments. It collects system information ...

  • StealC malware control panels could give experts the tools they need to spy on hackers

    January 19, 2026

    Cybersecurity researchers have managed to break into the web-based control panel for the StealC infostealer and gain valuable information on how the malware operates, and who both the attackers and the victims are. StealC is an immensely popular infostealer malware which first emerged a couple of years ago, and has since become one of the staples ...

  • Firefox joins Chrome and Edge as sleeper extensions spy on users

    January 19, 2026

    A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. Malwarebytes Labs wrote about the ShadyPanda campaign in December 2025, warning users that extensions which had behaved normally for years suddenly went rogue. After a malicious update, these extensions were able to track ...

  • Canadian Investment Regulatory Organization data breach reveals info on 750,000 investors

    January 19, 2026

    The 2025 cyberattack at the Canadian Investment Regulatory Organization (CIRO) affected roughly 750,000 Canadians, it has now confirmed. Founded in 2023, CIRO is Canada’s national self-regulatory body that oversees investment dealers, trading activity, and market integrity. In mid-August 2025, CIRO disclosed a cyberattack and data breach, saying it was forced to shut down parts of its ...

  • RondoDox botnet linked to large-scale exploit of critical HPE OneView bug

    January 16, 2026

    A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet. The security outfit says it has identified “large-scale exploitation” of CVE-2025-37164, a maximum-severity remote code execution bug in HPE’s data center management platform. Check Point has tied the activity to RondoDox, a Linux-based botnet ...