When was the Aflac cyberattack discovered and contained?

Aflac detected the unauthorized access to its network on June 12, 2025, and successfully contained the intrusion several hours after discovery. The company publicly reported the incident on Friday, June 20, 2025.

How did the attackers gain access to Aflac's systems?

The attack was executed through social engineering tactics. This typically involves manipulating employees or other individuals to divulge confidential information or provide unauthorized access to systems through deception rather than technical exploits.

What type of data may have been compromised in the Aflac breach?

The cybercriminals may have gained access to files containing sensitive personal information including claims information, health information and medical data, Social Security numbers, and other personal information of individuals associated with Aflac's U.S. business operations.

Was Aflac hit by ransomware in this attack?

No, Aflac claims that their systems were not affected by ransomware. This appears to be a data theft incident rather than a ransomware attack, and business operations have continued without interruption.

How has this incident affected Aflac's business operations?

According to Aflac, business operations have continued without interruption despite the cybersecurity incident. The company was able to contain the intrusion quickly and maintain operational continuity.

What is the current status of the Aflac investigation?

The company has emphasized that the investigation remains in its early stages. They are conducting a full review of potentially impacted files to determine the complete scope of the breach and the exact number of affected individuals.

What should affected individuals do about the Aflac data breach?

Since the investigation is ongoing and the full scope is not yet determined, affected individuals should monitor their accounts and personal information for signs of misuse, especially given that Social Security numbers and health information may have been compromised. Aflac will likely provide more specific guidance as the investigation progresses and they identify all affected individuals.

Incident

Scattered Spider cybercrime group breaches Aflac Insurance

Q: What cybersecurity incident occurred at Aflac?

American insurance company Aflac reported a cybersecurity incident on Friday, June 20, 2025. The company detected unauthorized access to its network on June 12, 2025, and contained the intrusion several hours after discovery. The attack was executed through social engineering tactics.

Q: Who is suspected to be behind the Aflac cyberattack?

While Aflac did not explicitly name the threat actors, cybersecurity experts and sources familiar with the investigation have indicated that the incident resembles techniques of the cybercrime group Scattered Spider. Aflac acknowledged that the attack was part of a cybercrime campaign against the insurance industry carried out by a sophisticated cybercrime group.

Q: Is this attack part of a broader campaign against the insurance industry?

Yes, Aflac acknowledged that the attack was 'part of a cybercrime campaign against the insurance industry' carried out by a 'sophisticated cybercrime group,' indicating that other insurance companies may also be targets of this coordinated campaign.

Q: How many people were affected by the Aflac cybersecurity incident?

The number of affected individuals has not been disclosed. Aflac has emphasized that the investigation remains in its early stages, and they are unable to determine the total number of affected individuals until a full review of potentially impacted files is completed.

published: June 20, 2025

Learn More

The American insurance company Aflac is reporting a cybersecurity incident on Friday, June 20, 2025.

The company detected an unauthorized access to its network on June 12, 2025, and contained the intrusion several hours after discovery. The attack was executed through social engineering tactics. Aflac did not explicitly name the threat actors, cybersecurity experts and sources familiar with the investigation have indicated that the incident resembles techniques of the cybercrime group Scattered Spider,.

Aflac acknowledged that the attack was "part of a cybercrime campaign against the insurance industry" carried out by a "sophisticated cybercrime group."

The cybercriminals may have gained access to files containing sensitive personal information. The affected individuals may include customers, beneficiaries, employees, insurance agents, and other individuals associated with Aflac's U.S. business operations. The potentially compromised data includes:

Claims information
Health information and medical data
Social Security numbers
Other personal information

The number of affected individuals is not disclosed.

The company has emphasized that the investigation remains in its early stages, and they are unable to determine the total number of affected individuals until a full review of potentially impacted files is completed.

Aflac claims that their systems were not affected by ransomware, and business operations have continued without interruption.

Update - as of 21st of December 2025, Aflac completed the investigation and is notifying approximately 22.65 million affected individuals.

Scattered Spider cybercrime group breaches Aflac Insurance

Read More
Fidelity reports third party breach caused by Infosys …
Crum & Forster insurance report data breach, approx. …
Lafayette Life reports third party data breach
Kaiser Permanente reports data breach, 13.4M people impacted
Texas Medical Liability Trust reports Data Breach, exposes …