U.S. Insurance giant American Family Life Assurance Company (Aflac) suffered a cyber attack that potentially compromised sensitive personal information, including health data.
With more than 50 million policyholders across the United States, Columbus, Georgia-based Aflac is the largest provider of supplemental insurance in the United States. The Fortune 500 company employs about 12,694 people and reported $19 billion in annual revenue in 2024.
According to a June 20 cyber incident notice, the insurance company initiated its cyber incident response protocols after detecting suspicious activity on its network on June 12, 2025.
It also hired external cybersecurity experts to investigate the incident and determine the nature of the potentially stolen information.
Aflac cyber attack leaked sensitive information
According to a regulatory filing with the U.S. Securities and Exchange Commission (SEC), the leaked details pertain to the company’s customers, insurance beneficiaries, employees, insurance agents, and other entities in the United States.
Details leaked during the cyber attack include insurance claims information, protected health information, and personal details, including Social Security numbers.
Aflac claims its immediate response enabled it to stop the cyber attack within hours, preventing further compromise and disruption to its operations.
“We promptly initiated our cyber incident response protocols and stopped the intrusion within hours. Importantly, our business remains operational, and our systems were not affected by ransomware,” it stated.
While Aflac withheld the threat actor’s identity, it attributed the cyber attack to a sophisticated cybercrime group responsible for targeting insurance companies.
“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry,” the company said.
Increased cyber attacks by Scattered Spider
However, the cyber attack bears the hallmarks of Scattered Spider activity, the cybercrime group that has been targeting various retailers across the United Kingdom and Europe. The gang is also attributed to the cyber attacks on Philadelphia Insurance Companies (PHLY) and Erie Indemnity.
Scattered Spider also works with other cybercrime gangs such as ALPHV/BlackCat, which was responsible for the cyber attack on healthcare giant UnitedHealth.
“This escalation by Scattered Spider should prompt insurance companies to reevaluate their threat preparedness,” said Nick Tausek, Lead Security Automation Architect at Swimlane. “Reports surfaced earlier this week about the group shifting their cyberattacking efforts towards insurance companies, then proceeding to strike insurance companies in Michigan and Pennsylvania before targeting Aflac today.”
In May 2025, Google Threat Intelligence Group (GTIG) Chief Analyst John Hultquist warned American companies to brace for cyberattacks from the native English-speaking gang comprising young cybercriminals.
So far, details regarding the nature of the cyber attack, including whether ransomware deployment was attempted, and the number of victims impacted, are unavailable.
However, the insurance giant disclosed that the threat actor employed social engineering tactics to breach its systems. Scattered Spider, also known as UNC3944, 0ktapus, Scatter Swine, Starfraud, and Muddled Libra, employs social engineering tactics targeting help desks, resulting in SIM swap fraud to hijack two-factor authentication codes, to compromise organizations.
Meanwhile, Aflac is in the process of notifying regulatory authorities and victims whose data was likely compromised during the cyber attack. The company also offered 24 months of free credit monitoring, identity theft protection services, and Medical Shield to protect the victims from fraud.
“We regret that this incident occurred,” Aflac apologized. “We will be working to keep our stakeholders informed as we learn more and continue investigating the incident.”
