Aflac discloses cybersecurity incident, Scattered Spider most likely responsible

American insurance company Aflac has acknowledged that its IT systems have been breached by a ‘sophisticated cybercrime group.’
In a press release, Aflac says it identified ‘suspicious activity’ on its corporate network in the United States on June 12. Employees immediately responded by initiating security protocols, thus stopping the intrusion within a matter of hours.
As soon as the security breach came to light, Aflac called upon a leading third-party cybersecurity firm to support the company in its response to this incident. Preliminary findings indicate that the attackers employed social engineering tactics to gain unauthorized access to the insurance company’s IT network.
In addition, the security experts reviewed potentially impacted files. These documents contain all sorts of sensitive information, including claims information, health information, social security numbers, and other personal information related to customers, beneficiaries, employees, agents, and other individuals in the United States.
“It is important to note that the review is in its early stages, and we are unable to determine the total number of affected individuals until that review is completed,” Aflac states in its press release.
“Our business remains operational, and our systems were not affected by ransomware. We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual,” the insurance firm adds.
While Aflac does not name the ‘sophisticated cybercrime group’ responsible for the attack, most news outlets, including BleepingComputer, suggest that the incident has all the signs of an attack carried out by Scattered Spider.
Scattered Spider, also known in the industry as Roasted 0ktapus, UNC3944, Scatter Swine, Starfraud, or Storm0875, is believed to be made up of individuals based in both the United States and the United Kingdom and is known for SMS phishing, SIM swapping, and MFA fatigue attacks.
The group, which has been around since 2022, is known for its high-profile campaigns targeting hundreds of companies over the years, primarily in the financial services sector, including notable names such as Snowflake, MGM Resorts, DoorDash, Riot Games, LastPass, Twilio, and others.