AFLAC, one of the largest insurers in the United States, says hackers stole an unknown amount of customer personal information from their network during a cyber attack earlier this month.
The insurance giant confirmed that in a legally necessary filing filed with the U.S. Securities and Exchange Commission on Friday, the company identified hackers in its system on June 12th and contained the case. AFLAC said that supplementary insurance is provided to individuals whose primary providers do not cover costs, and although the number of customers affected by the data breaches remains to be known, personal data includes customer claims such as Social Security numbers and health information.
The violations also include data from AFLAC beneficiaries, employees and agents, the company said.
AFLAC said the system was not affected by ransomware, but attributed the violation to an unspecified cybercriminal group known to target the US insurance industry. According to a press release on Friday, AFLAC said hackers will use social engineering tactics to infiltrate the network.
AFLAC spokesman who did not provide a name refused to answer TechCrunch questions when it arrived via email on Monday.
With around 50 million customers, AFLAC is the latest US insurance company to experience cyberattacks in recent weeks amid warnings that hackers are targeting the wider insurance industry.
John Hultquist, chief analyst for Google's Threat Intelligence Unit, said last week that the unit “recognizes multiple intrusions” in the US, which features activities related to scattered spiders, a group of tactically loose knees that rely on social engineering tactics and sometimes violence threats.
The hackers are also reportedly behind the recent intrusions of Ellie Insurance and Philadelphia Insurance, which disclosed this month's cyberattack, and the confusion is underway.
Hackers associated with scattered spider attacks are known to be financially motivated, previously linked to cyberattacks and intrusions of tech giants, casinos and hotels, and recent data breaches across the UK and US retail sectors.