Description
AFLAC, the largest provider of supplemental insurance in the United States and well known for its commercials that feature the AFLAC Duck, was the latest victim of a cyberattack. The company provides financial protection for more than 50 million people worldwide. AFLAC is one of three insurance companies that reported cybersecurity incidents in the past 30 days. It is believed that these attacks are part of an attack campaign against the insurance industry at large by the active hacking group known as Scattered Spider.
The company reported that ransomware was not involved in the attack, but some of their data was compromised. Information related to customers, employees, and policy beneficiaries was exposed. Although not yet confirmed, the breach likely included names, Social Security numbers (SSNs), insurance claim information, and personal health details.
Identify Indicators of Compromise (IoCs)
Investigators think the attackers used social engineering tactics to trick employees into giving them access. AFLAC detected the attack on June 12 through its internal monitoring system, which triggered an immediate response and investigation. This rapid response enabled their teams to contain the attack and stop the intrusion within hours. This limited the impact and scope of the attack.
Actions Taken
AFLAC brought in leading external cybersecurity experts at the start to analyze the attack, assess the scope of the breach, and guide remediation measures. They established a dedicated call center to assist anyone potentially affected by the breach. The company is offering 24 months of complimentary credit monitoring, identity theft protection, and Medical Shield coverage to individuals whose information was compromised. AFLAC filed the proper report with the U.S. Securities and Exchange Commission (SEC) on June 20, 2025.
Prevention
There is a growing realization that preventing every single attack is an unrealistic expectation. The focus has shifted toward early detection, rapid containment, and effective mitigation of threats. No matter how much a company invests in security, no one is completely safe from attacks.
Initial reports show that AFLAC had many good measures in place. It appears they had a well-conceived and rehearsed incident response plan (IRP) that allowed them to respond quickly, not only to curtail the attack but also to alert the public and assist those affected by the breach.
One of the most effective ways to protect against social engineering attacks is education. Employees should be trained regularly, throughout the year, to identify and combat techniques such as phishing, pretexting, and baiting. In pretexting, an attacker invents a believable story or reason for needing the information. For instance, they may impersonate someone in the IT department or an employee from a trusted vendor. Baiting is a social engineering attack that deceives victims into compromising their own systems or disclosing private information by means of an alluring offer or malicious enticement. Free software, music, a USB drive, or access to premium material are examples of “bait” that often looks appealing but is really a means of spreading malware or gathering login information. Organizations should have defined policies for sharing information, and requests for sensitive information should always be verified through a separate trusted channel. An advanced email security solution that can identify potential impostors, evaluate the reputation of source domains, and analyze email content is another way to protect users from these types of attacks.
Data breaches are a prime example of why it is so important to apply strict adherence to the principle of least privilege (PoLP). Least privilege access controls restrict employees to only the data and systems necessary for their roles, limiting the potential damage if an account is compromised and helping to contain lateral movement within the network.
Review your security program and training for your teams to minimize your risk.
