In June, U.S. insurance giant Aflac disclosed a data breach in which hackers stole customers' personal information, including social security numbers and health information, but did not say how many victims had been affected.
The company confirmed on Tuesday that it had begun notifying approximately 22.65 million people whose data was stolen in the cyberattack.
Aflac said in a filing with the Texas attorney general that the stolen data included customers' names, dates of birth and home addresses. Government-issued identification numbers (such as passports or state ID cards), driver's license numbers, and social security numbers. Also information on medical care and health insurance.
And Aflac said in a filing with the Iowa attorney general that the perpetrators of the breach “may be affiliated with a known cybercrime organization. Federal law enforcement and third-party cybersecurity experts suggest this group may be targeting the insurance industry as a whole.”
This is likely the group Aflac is referring to, given that Scattered Spider, an amorphous group of young, mostly English-speaking hackers, was targeting the insurance industry at the time of the breach.
An Aflac spokesperson did not respond to TechCrunch's request for comment.
According to the company's official website, it has approximately 50 million customers.
tech crunch event
San Francisco | October 13-15, 2026
Aflac was one of several insurance companies to be hacked around the same time, including data breaches at Erie Insurance Company and Philadelphia Insurance Company.