Health and life insurer Aflac is investigating a potential data breach after detecting suspicious activity on its US network.  

The insurer revealed that the cybersecurity breach potentially exposed sensitive customer information.  

The data pertains to Aflac’s US operations including customers, beneficiaries, employees and agents.  

The company attributed the breach, which was detected on 12 June, to a sophisticated cybercrime group. 

Upon discovering the breach, Aflac activated its cyber incident response measures, intercepting the intrusion within a matter of hours.  

The company has confirmed that its operational capabilities remain intact and that the incident did not involve ransomware compromising its systems. 

A representative from Aflac communicated to Reuters that the characteristics of the breach bear a resemblance to the patterns associated with Scattered Spider, a cybercrime entity that has been active since May 2022.  

This group is known for targeting several companies within a particular industry in a sequential manner. 

Aflac has enlisted third-party cybersecurity experts to aid in the response and investigation.  

While the inquiry is still in its early stages, it has been revealed that the breach was facilitated by social engineering tactics that allowed unauthorised access to the network. 

The ongoing examination of potentially impacted files is crucial as these files may contain a range of personal data including claims and health information, social security numbers and other personal identifiers.  

The full scope of the breach and the total number of individuals affected are yet to be ascertained. 

Aflac has initiated a provision of free credit monitoring and identity theft protection services for a duration of 24 months.