Cybercriminals breach Aflac as part of hacking spree against US insurance industry


Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.

With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider, people familiar the investigation tell CNN.

Read more…
Source: CNN News


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Business continuity isn’t keeping pace with cyber threats, warns Sedgwick CISO

    January 2, 2026

    Business continuity plans are lagging behind the speed and complexity of modern cyberattacks, according to Eric Schmitt (pictured), chief information security officer at Sedgwick. “In most cases, it is not,” Schmitt said, when asked whether current business continuity frameworks are adapting to today’s cyber threat environment. He drew a sharp line between business continuity and disaster ...

  • Cognizant hit with multiple US class-action lawsuits after TriZetto data breach

    January 2, 2026

    Cognizant Technology Solutions is facing a wave of class-action lawsuits in the United States after a long-running data breach at its healthcare claims processing unit, TriZetto Provider Solutions (TPS), triggered legal challenges from affected individuals. According to court filings, at least three lawsuits were filed late last month in federal courts in New Jersey and Missouri, ...

  • U.S. DOJ: Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware

    December 30, 2025

    Yesterday, a federal district court in the Southern District of Florida accepted the guilty pleas of two men to conspiring to obstruct, delay or affect commerce through extortion in connection with ransomware attacks occurring in 2023. “These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime ...

  • CVE-2025-14847: Critical Memory Leak in MongoDB Allowing Attackers to Extract Sensitive Data

    December 29, 2025

    On December 19, 2025, MongoDB Inc. disclosed a critical new vulnerability, CVE-2025-14847, which has since been dubbed MongoBleed. This vulnerability is a high-severity unauthenticated memory leak affecting MongoDB, one of the world’s most popular document-oriented databases. While initially identified as a data exposure flaw, the severity is underscored by the fact that it allows attackers ...

  • Malware in 2025 spread far beyond Windows PCs

    December 29, 2025

    If there’s one thing that became very clear in 2025, it’s that malware is no longer focused on Windows alone. We’ve seen some major developments, especially in campaigns targeting Android and macOS. Unfortunately, many people still don’t realize that protecting smartphones, tablets, and other connected devices is just as essential as securing their laptops. Banking Trojans ...

  • Accused data thief threw MacBook into a river to destroy evidence

    December 29, 2025

    South Korean e-tailer Coupang claims a former employee has admitted to improperly accessing data describing 33 million of its customers, but says the accused deleted the stolen data. In a post published on Christmas, Coupang revealed it worked with Mandiant, Palo Alto Networks, and Ernst & Young, to conduct a forensic investigation into the incident, and ...