In June, Aflac, a major U.S. insurance company, revealed that it experienced a data breach where hackers accessed customers’ personal information, including Social Security numbers and health records, but did not disclose how many individuals were affected.
On Tuesday, the company confirmed it is now notifying approximately 22.65 million customers whose data was compromised during the cyberattack.
In a filing with the Texas attorney general, Aflac stated that the stolen information includes customer names, dates of birth, home addresses, government-issued IDs (like passports and state IDs), driver’s license numbers, Social Security numbers, as well as medical and health insurance details.
Additionally, in a filing with the Iowa attorney general, Aflac mentioned that the hackers behind the breach “may be affiliated with a known cyber-criminal organization.” Federal law enforcement and cybersecurity experts have suggested that this group might have been targeting the insurance sector as a whole.
Considering that Scattered Spider, a loose collective consisting mainly of young English-speaking hackers, was active in targeting the insurance industry at the time of the breach, it’s possible this is the group Aflac is referencing.
Aflac’s spokesperson did not reply to TechCrunch’s request for comment.
The company claims to have around 50 million customers, according to its official website.
Aflac wasn’t alone; several other insurance companies, including Erie Insurance and Philadelphia Insurance Companies, also experienced data breaches around the same period.
