Cybercriminals breach Aflac as part of hacking spree against US insurance industry


Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.

With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider, people familiar the investigation tell CNN.

Read more…
Source: CNN News


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • DoorDash says personal information of customers, dashers stolen in data breach

    November 18, 2025

    DoorDash confirmed a data breach that exposed the names, email addresses, phone numbers and physical addresses of some of its users, including customers, dashers and merchants. In a Help Center article published Nov. 13, DoorDash said that although hackers stole personal information from users, “no sensitive information was accessed by the unauthorized third party,” and the ...

  • Hackers claim to have hit Under Armour in massive data breach

    November 18, 2025

    The notorious Everest ransomware group has claimed sportswear maker and retailer Under Armour as its latest victim – with the group posting what it claims is a sample of ‘more than millions of personal data’ and internal company data onto a dark web site. The dark leak site post claims the hackers have accessed and exfiltrated ...

  • Active Exploitation Reported for CVE-2025-11001 in 7-Zip

    November 18, 2025

    Active exploitation of CVE-2025-11001 has been observed in the wild. A security researcher has also publicly released a proof-of-concept (PoC) exploit for CVE-2025-11001. The PoC allows attackers to abuse symbolic-link handling to write files outside of the intended extraction folder, which in some scenarios, can enable arbitrary code execution. Read more… Source: NHS Digital Sign up for the Cyber ...

  • Microsoft says Azure was hit with a massive DDoS attack launched from over 500,000 IP addresses

    November 18, 2025

    Microsoft has said it successfully mitigated, “the largest DDoS attack ever observed in the cloud” after cybercriminals running the Aisuru botnet targeted a single endpoint, located in Australia. The attack was a sight to behold: more than 500,000 source IPs, across various regions, descended upon the endpoint, delivering a multi-vector Distributed Denial of Service (DDoS) attack ...

  • Surveillance tech provider Protei was hacked, its data stolen, and its website defaced

    November 17, 2025

    A Russian telecom company that develops technology to allow phone and internet companies to conduct web surveillance and censorship was hacked, had its website defaced, and had data stolen from its servers, TechCrunch has learned. Founded in Russia, Protei makes telecommunications systems for phone and internet providers across dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, ...

  • Twitter hacker ordered to pay back £4.1m worth of Bitcoin

    November 17, 2025

    A Twitter hacker who breached the accounts of celebrities including Barack Obama and Jeff Bezos has been forced to hand over £4million. Joseph James O’Connor, 26, was jailed in the US for the hacks which involved scamming people out of Bitcoin and threatening celebrities with the release of personal images and messages. Now the CPS Proceeds ...