Aflac announced on Friday that it may have experienced a data breach affecting its U.S. customers. The insurance provider indicated that unauthorized individuals potentially accessed personal data through social engineering tactics. Aflac is currently conducting an investigation to assess the extent of the breach and has begun reviewing potentially impacted files, although it has not yet determined how many individuals may be affected or provided a timeline for when the review will be completed.
The company stated that the compromised files could include sensitive information such as claims details, health records, social security numbers, and other personal data related to customers and employees. Aflac first detected suspicious activity in its network on June 12 and implemented its cyber incident response protocols, successfully halting the intrusion within hours.
Aflac described the attack as being executed by a "sophisticated" cybercrime group, part of a broader campaign targeting the insurance sector. This incident follows similar attacks earlier this month on other insurance companies, including Philadelphia Insurance Companies and Erie Insurance, which also experienced significant disruptions to their IT operations.
Despite the breach, Aflac confirmed that its business operations remain unaffected and that it continues to underwrite policies and process claims as usual. In response to the incident, the company is offering free credit monitoring and identity theft protection for individuals who reach out to their dedicated call center, along with a service called Medical Shield for a period of 24 months.