Cybercriminals Breach Aflac, Private Customer Data Could Be at Risk

Aflac mentioned Friday that cybercriminals breached its laptop methods, probably exposing a few of the most private knowledge — together with Social Safety numbers and well being care info — of an unknown variety of People and marking the most recent in a current string of on-line assaults towards insurance coverage corporations.The Columbus, Georgia-based insurance coverage supplier mentioned that it detected suspicious exercise on its US networks, shortly responded to it and managed to cease the net intruders “inside hours.” Aflac added that its enterprise stays operational and that its methods weren’t contaminated with ransomware.Aflac is the most recent and largest insurance coverage firm to to this point be focused by cybercriminals. Philadelphia Insurance coverage and Erie Insurance coverage had been hit by cyberattacks this month and have but to renew full operations. “This assault, like many insurance coverage corporations are at present experiencing, was attributable to a complicated cybercrime group,” Aflac mentioned in a press release with out offering particulars to again that declare. “This was a part of a cybercrime marketing campaign towards the insurance coverage trade.”Aflac mentioned that it is working with exterior cybersecurity consultants to analyze the breach. It is within the means of figuring out which of its information had been probably compromised and the way many individuals could have been affected. The doubtless affected information may embrace buyer knowledge like Social Safety numbers, insurance coverage claims, well being info and different private particulars. Details about Aflac’s staff, brokers and different folks concerned in its US companies may be compromised, the corporate mentioned. Whereas that investigation remains to be in its early levels, Aflac mentioned it seems that the attackers gained entry to its networks by means of a social engineering assault, the place as an alternative of breaking into a pc system attackers will usually pose as somebody in authority, like an government or IT employee, to trick an worker into handing over their reputable login credentials. John Hultquist, chief analyst for Google’s Risk Intelligence Group, mentioned the current assaults towards the insurance coverage corporations “bear all of the hallmarks” of the Scattered Spider cybercrime group, which has been tied to high-profile assaults towards monetary providers, telecommunications and Las Vegas casinos and accommodations. “Given this actor’s historical past of specializing in a sector at a time, the insurance coverage trade must be on excessive alert, particularly for social engineering schemes which goal their assist desks and name facilities,” Hultquist mentioned in a press release. Whereas it is but to be decided precisely who has been affected and the way dangerous the injury might be, Aflac has taken the unsual step of already providing to supply free credit score monitoring, id theft safety and Medical Protect protection for twenty-four months to clients who contact its name heart at 855-361-0305.Aflac is the most important supplier of supplemental medical insurance within the US and has a world buyer base of about 50 million folks.