Insurance giant Aflac disclosed a significant data breach after detecting suspicious activity on its U.S. network on June 12, 2025. The attackers, believed to be the "Scattered Spider" cybercrime group, used social engineering tactics to access sensitive files. The compromised data includes personal and health information such as Social Security numbers, medical details, and insurance claims information for customers, employees, and beneficiaries.
Aflac stated it contained the intrusion within hours and that its business operations were not affected. The company is offering 24 months of complimentary credit monitoring and identity theft protection to individuals impacted by the incident. In the wake of the disclosure, Aflac is facing numerous class-action lawsuits alleging the company failed to adequately protect the sensitive data.