In the latest escalation of cyberattacks targeting the insurance sector, U.S. based insurance giant Aflac confirmed it suffered a major data breach likely compromising the sensitive personal and health information of customers, employees, and agents. The breach, detected on June 12, is part of a larger wave of coordinated attacks that have already disrupted several other insurers.
Aflac Confirms Breach, Cites Industry-Wide Campaign
In a stark reminder of the growing cybersecurity challenges facing American corporations, Aflac, one of the nation’s largest supplemental health insurance providers, disclosed on Friday that it had suffered a significant data breach, one it believes is part of a coordinated cybercrime campaign targeting the insurance sector.
The company confirmed that hackers used social engineering tactics to infiltrate its systems and may have accessed highly sensitive data, including social security numbers, health records, claims data, and information relating to employees, beneficiaries, and agents. Aflac stated that their preliminary findings indicate that the unauthorized party used social engineering to gain access to their network. They immediately activated their cyber incident response protocols and contained the breach within hours.
Although no timeline has been provided for when the full review will conclude, Aflac is continuing to assess the volume and scope of compromised data. The company is offering free credit monitoring, identity theft protection, and Medical Shield services for 24 months to anyone potentially impacted.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
No Ransomware, But High Risk: Sensitive Customer Data Likely Exposed
Unlike several other high-profile breaches, Aflac clarified that this attack did not involve ransomware. The core systems remain functional, and daily business operations, including underwriting and claims processing, are continuing without interruption. Still, the nature of the stolen data makes the breach particularly worrisome. Health records and social security numbers are considered high-value targets on the dark web, and their exposure can lead to long-term identity theft, financial fraud, and privacy invasions.
Cybersecurity analysts warn that insurance firms are increasingly appealing targets due to the sheer volume of personal and financial data they hold. The company’s transparency and quick incident response were praised by some experts, but others questioned how social engineering, a tactic reliant on human error, could have successfully penetrated a major financial institution’s defences.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
More Than Just Aflac: Philadelphia and Erie Insurance Also Hit
Aflac’s breach is not an isolated case. Philadelphia Insurance Companies and Erie Insurance also suffered cyberattacks in recent weeks. In both cases, attackers reportedly caused significant disruptions to internal IT systems, though public disclosures have been limited. The U.S. insurance industry has increasingly become a hotbed for coordinated cyberattacks, with criminal groups often leveraging phishing, fake credentials, or insider access to infiltrate networks. A recent FBI bulletin noted a 35% rise in cyber intrusions into health and insurance systems in the first half of 2025 alone.
With the industry under siege, there is growing pressure on regulators and corporations to mandate more robust cybersecurity training and implement zero-trust architectures to protect critical data infrastructure. Aflac, for its part, says it is working with federal authorities, external cybersecurity experts, and forensic analysts to better understand the breach and reinforce its defences.
About the author – Prakriti Jha is a student at National Forensic Sciences University, Gandhinagar, currently pursuing B.Sc. LL.B (Hons.) with a keen interest in the intersection of law and data science. She is passionate about exploring how legal frameworks adapt to the evolving challenges of technology and justice.