Aflac Inc., one of the largest providers of supplemental life and health insurance in the United States, has become the latest victim in a wave of cyberattacks targeting the insurance sector. On June 12, 2025, the company detected what it described as suspicious and unauthorized activity on its U.S. network, potentially exposing sensitive customer information.
According to a federal regulatory filing and company statements, the breach involved files containing personal data, including Social Security numbers and health-related information. While Aflac, which manages insurance data for more than a million customers, has not disclosed the total number affected, it is actively assessing the scope of the incident.
Aflac spokespersons report that the breach was identified and contained within hours, and the company has enlisted outside cybersecurity experts to continue investigating. The company described the intrusion as consistent with tactics used by a known English-speaking cybercrime group, widely identified in the industry as Scattered Spider. This group is linked to previous disruptions at multiple insurance companies, according to cybersecurity analysts familiar with the case. "The characteristics of the breach align with broader campaigns targeting the insurance sector," said a company representative.
The impact of the attack appeared immediate: Aflac's shares fell 1.3% in premarket U.S. trading after news of the incident broke (Reuters). Despite the breach, the company assured customers and investors that its core systems remain operational and that it continues to provide usual services while the investigation proceeds. Those potentially affected by the breach are being offered 24 months of free credit monitoring, identity theft protection, and Medical Shield services to help guard against possible misuse of personal information.
This is the third significant cyberattack to hit a major U.S. insurance provider in June 2025, underscoring what industry experts describe as a "broader campaign" targeting sensitive consumer data held by insurers. Other insurance companies reported similar breaches earlier this month, but details remain scarce pending ongoing investigations.
Regulatory authorities, including the U.S. Securities and Exchange Commission, have been notified. Insurance industry leaders warn that such attacks are becoming increasingly sophisticated. The incident highlights the growing challenges American companies face in safeguarding customer information against persistent cyber threats. For further updates, customers are encouraged to monitor official Aflac communications and refer to comprehensive coverage by outlets such as Axios and Associated Press.