Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.
With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider, people familiar the investigation tell CNN.
Read more…
Source: CNN News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Microsoft SharePoint Zero-Day Exploitation: What Public Sector Leaders Should Know
September 30, 2025
The Rapid7 September 2025 Threat Report highlights active exploitation of a critical Microsoft SharePoint vulnerability, CVE-2025-53770. This zero-day is being used by threat actors to gain initial access to victim networks, with exploitation observed in government as well as multiple other industries. SharePoint remains a widely deployed collaboration platform in federal, state, and local agencies, resulting ...
- ‘Widespread’ breach let hackers steal employee data from FEMA and CBP
September 29, 2025
A “widespread cybersecurity incident” at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection, according to a screenshot of an incident overview presentation obtained by Nextgov/FCW. The hack is also suspected to have later triggered the dismissal of two dozen ...
- UK: Jaguar Land Rover rescued with £1.5bn Government loan after cyber attack
September 28, 2025
The Government has agreed to support Jaguar Land Rover (JLR) with a loan guarantee expected to unlock £1.5billion to support its supply chain. JLR suspended production at its UK factories following the cyber attack on 31 August, including the one in Halewood on Merseyside. The announcement follows the Business Secretary’s visit to JLR and supply chain ...
- UK: Harrods’ customers details stolen in data breach
September 27, 2025
Harrods has warned some of its customers that their personal data may have been taken in an IT systems breach, months after it was targeted by a suspected cyber attack in May. The luxury department store said customer names and contact details have been taken after one of its third-party provider systems was compromised. It said ...
- SVG Phishing hits Ukraine with Amatera Stealer, PureMiner
September 26, 2025
FortiGuard Labs recently observed a phishing campaign designed to impersonate Ukrainian government agencies and deliver additional malware to targeted systems. The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments. When opened, the SVG initiates the download of a password-protected archive that contains a Compiled HTML Help (CHM) ...
- XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
September 25, 2025
Microsoft Threat Intelligence has identified yet another XCSSET variant in the wild that introduces further updates and new modules beyond those detailed in our March 2025 blog post. The XCSSET malware is designed to infect Xcode projects, typically used by software developers, and run while an Xcode project is being built. We assess that this mode ...

