Scattered Spider is known to impersonate employees, deceive IT support teams and get past multi-factor authentication using psychological tactics. (Credit: NicoElNino/Adobe Stock)
Aflac announced on Friday that it had experienced a cyberattack — the third insurer in a matter of days to suffer a breach.
The Georgia-based insurer said it detected unauthorized access on June 12, triggering the company’s cybersecurity incident response protocols. In a regulatory filing, Aflac said it believes it contained the intrusion within hours.
The company is reviewing potentially impacted files and doesn’t yet know the total number of individuals affected by the breach. But the files that could have been accessed include claims information, health information, Social Security numbers and other personal information for customers, beneficiaries, employees and agents.
Aflac is the third insurer to publicly disclose an attack over the last several days. Erie Insurance was hit with an attack on June 7. And Philadelphia Insurance Companies — a subsidiary of Tokio Marine Holdings — detected suspicious activity on June 9, causing it to disconnect affected systems.
Google Threat Intelligence Group issued a warning that Scattered Spider, a loose-knit cybercrime collective, has recently started targeting the insurance industry.
"Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarks of Scattered Spider activity," John Hultquist, chief analyst at GTIG, said in an email last week. "We are now seeing incidents in the insurance industry. Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers."
The group is known to impersonate employees, deceive IT support teams and get past multi-factor authentication using psychological tactics.
While none of the recent attacks have been formally attributed to Scattered Spider, the timing and circumstances suggest the group could have been involved.
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.