American insurance giant Aflac has revealed that its U.S. network was hit by a cyberattack on June 12. The attack was part of a larger campaign aimed at insurance companies. Aflac detected and stopped the intrusion within hours. No ransomware was used, and the company’s operations were not disrupted.
Aflac says it continues to underwrite policies and process claims as usual. Early findings suggest the attackers were a skilled cybercrime group that gained access through social engineering techniques.
To contain the situation, Aflac has hired outside cybersecurity experts. The company is still investigating the breach. It believes the compromised files may include sensitive information, such as Social Security numbers, health and claims records, and other personal details of customers, employees, agents, and beneficiaries.
Aflac has set up a dedicated call center and is offering those affected 24 months of free credit monitoring, identity theft protection, and Medical Shield. The call center will remain open through the end of June.
“We regret that this incident occurred,” the company said. Aflac pledged to remain transparent and to support impacted individuals as the investigation continues.
Insurance Companies Under Attack
Lawrence Pingree, vice president at Dispersive, said insurance companies are often targeted because they hold large amounts of valuable data. “Initial access brokers find these firms appealing because of the data they can collect for future attacks,” he explained.
Quick Response Praised
Kumar Saurabh, CEO and founder of AirMDR, noted that Aflac acted quickly. He pointed out that many smaller businesses would not have the ability to detect and stop an attack so fast. “Most small and mid-sized companies lack the tools and staff to respond in time,” he said. Saurabh emphasized that the cybersecurity industry should focus more on helping smaller businesses, not just large corporations.
Growing Use of Social Engineering
Ted Miracco, CEO of Approov, praised Aflac’s quick response and openness. He said the attackers likely used social engineering to break into Aflac’s network—a method becoming more common in the insurance and financial sectors.
Miracco warned that attackers are using AI tools to target employees and bypass security. He stressed the need for stronger, layered security measures. This includes phishing-resistant authentication, app protection, and better API defenses, especially for companies with mobile platforms.
“Aflac’s case should remind all companies to review how they protect customer data,” Miracco said.
