On Friday, American insurance giant Aflac disclosed that its systems were breached as part of a broader campaign targeting insurance companies across the United States, and that the attackers may have stolen personal and health information.
Aflac (short for American Family Life Assurance Company) is the largest supplemental insurance provider in the U.S. and a Fortune 500 company that provides insurance services to millions of customers in the U.S. and Japan.
In a press release earlier today, the insurance company added that its network was not affected by ransomware. It is unclear, though, if ransomware was deployed and blocked or if this was just a data theft attack.
"We promptly initiated our cyber incident response protocols and stopped the intrusion within hours. Importantly, our business remains operational, and our systems were not affected by ransomware," Aflac stated.
"We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual. This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry."
After detecting the breach, Aflac hired external cybersecurity experts to investigate the incident and review the contents of files potentially exposed during the attack.
As the company explained in a filing with the U.S. Securities and Exchange Commission (SEC), these documents contain a wide range of sensitive information related to customers, beneficiaries, employees, agents, and other individuals, ranging from claims and health information to social security numbers and/or other personal information.
Scattered Spider attacks targeting insurance firms
While an Aflac spokesperson couldn't attribute the breach to a specific cybercrime group, the breach exhibits all the signs of a Scattered Spider attack.
Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a group of threat actors known for their sophisticated social engineering attacks against high-profile organizations worldwide, with tactics that include phishing, SIM swapping, and multi-factor authentication (MFA) bombing.