Aflac has recently revealed that customer information was compromised during a cyberattack. The organization indicated that a “sophisticated cybercrime group” targeting the insurance sector was the culprit. In an SEC report, Aflac disclosed that its network was breached on June 12 and that it “initiated its cybersecurity incident response protocols and believes that it contained the intrusion within hours.” Although the complete extent is not known, potentially compromised data may include health details, social security numbers, and personal information. Notably, Aflac emphasized that its systems were not impacted by ransomware.

Aflac is performing a “review of potentially impacted files” and will not be able to ascertain the total number of affected individuals until the review is finalized. A press release on Friday indicated that hackers employed social engineering tactics, a prevalent strategy in major cybersecurity breaches. “This attack, similar to what many insurance companies are currently facing, was initiated by a sophisticated cybercrime group,” the release said. “This was part of a cybercrime campaign targeting the insurance sector…The potentially impacted files include claims information, health information, social security numbers, and/or other personal details related to customers, beneficiaries, employees, agents, and other individuals within our U.S. operations.”

The incident is thought to align with attacks from the group Scattered Spider, associated with recent disruptions at Philadelphia Insurance Companies (PHLY) and Erie Indemnity, as reported by Reuters. Aflac customers who may be affected by the breach can reach out to the company for complimentary credit monitoring and identity theft protection.