[ad_1]
The data breach has been thwarted, the business remains operational, and the systems were not affected by ransomware, said the company statement.
“We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual,” it said.
“The potentially impacted files contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in our U.S. business,” said Aflac.
Aflac said the attack was done by a “sophisticated cybercrime group” targeting the insurance industry.
According to preliminary findings, “the unauthorized party used social engineering tactics to gain access to our network,” said Aflac.
“We are offering any individual who contacts our dedicated call center free credit monitoring and identity theft protection, and Medical Shield for 24 months,” said the company.
Third-party cybersecurity experts are supporting the ongoing investigation.
Aflac shares fell in premarket trading following the cyber breach announcement, but it has since rebounded.
In a social engineering attack, the intruder makes use of human interactions, that is, social skills, to gain unauthorized access to a network.
The individual probes around, making contacts with different individuals in order to “piece together enough information to infiltrate an organization’s network.”
Threat From Overseas Actors
The financial services industry, which includes the insurance sector, is a top 10 target for certain forms of cyber intrusion, according to CrowdStrike’s Global Threat Report 2025.
The report made special mention of China’s role in global online espionage efforts. China-nexus activity surged 150 percent across all sectors, with a staggering 200–300 percent increase in key targeted industries.
“Throughout 2024, China-nexus adversaries’ advancements manifested through increasingly bold targeting, stealthier tactics, and specialized operations,” said the report, adding that “these operations likely fulfill general intelligence requirements in the Chinese Communist Party (CCP)’s strategic plans.”
Recently, on May 20, Maryland-based Kelly & Associates Insurance Group Inc., also known as Kelly Benefits, reported a cybersecurity breach. Besides Maryland, Kelley has locations in Delaware, Washington, and Pennsylvania.
The incident has impacted half a million people.
“The information that could have been subject to unauthorized access for the additional Maine residents includes name, Social Security number, and financial account information,” said the incident report.
On May 13, Oxford Life Insurance Company, based in Arizona, reported a data breach incident. The number of people impacted by this hack is unknown.
“The investigation determined that an unauthorized person accessed our IT network for approximately one hour on February 20, 2025, and, during that time, copied some of our files. We then reviewed the files that may have been involved,” said the incident report.
The Epoch Times reached out to Kelly Benefits and Oxford Life for comment but did not receive a reply by publication time.
[ad_2]
