Aflac duped by social-engineering attack, marking another hit on insurance industry | CyberScoop<\/title> <meta name=\"description\" content=\"Three insurance companies have publicly disclosed cyberattacks in the past week. Scattered Spider, an amorphous band of cybercriminals, has been actively targeting the sector.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/aflac-cyberattack-insurance-sector-scattered-spider\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Aflac duped by social-engineering attack, marking another hit on insurance industry\"> <meta property=\"og:description\" content=\"Three insurance companies have publicly disclosed cyberattacks in the past week. Scattered Spider, an amorphous band of cybercriminals, has been actively targeting the sector.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/aflac-cyberattack-insurance-sector-scattered-spider\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-06-20T15:50:16+00:00\"> <meta property=\"article:modified_time\" content=\"2025-06-20T15:50:19+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1750115417g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1748220166g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84948\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84948\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Faflac-cyberattack-insurance-sector-scattered-spider%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Faflac-cyberattack-insurance-sector-scattered-spider%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84948 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/aflac-cyberattack-insurance-sector-scattered-spider\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.446360153257\">\n<div class=\"single-article__header-content\" readability=\"36.318584070796\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/aflac-cyberattack-insurance-sector-scattered-spider\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Three insurance companies have publicly disclosed cyberattacks in the past week. Scattered Spider, an amorphous band of cybercriminals, has been actively targeting the sector. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84948\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"The logo of Aflac displayed on a smartphone.\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg 6534w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The logo of Aflac displayed on a smartphone. (Cheng Xin\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"41.177162460181\"><body readability=\"83.135700522984\"><\/p>\n<p>Aflac disclosed Friday that it experienced a cyberattack last week that potentially impacted the supplemental insurance company\u2019s data. <\/p>\n<p>The Georgia-based company said it identified unauthorized access on its network June 12. Upon initiating its cybersecurity incident response protocols, Aflac \u201cbelieves that it contained the intrusion within hours,\u201d the company said in a <a href=\"https:\/\/www.sec.gov\/ix?doc=\/Archives\/edgar\/data\/0000004977\/000000497725000128\/afl-20250620.htm\">regulatory filing<\/a>. \u201cThe company\u2019s business remains operational, and its systems were not affected by ransomware.\u201d<\/p>\n<p>Aflac is the third insurance company to publicly disclose an attack on its network in the past eight days, and it follows a warning from Google Threat Intelligence Group that the loosely knit cybercrime collective Scattered Spider was <a href=\"https:\/\/cyberscoop.com\/scattered-spider-pivot-insurance-industry\/\">actively targeting the insurance sector<\/a>. <\/p>\n<p><a href=\"https:\/\/erieindemnitycompany.gcs-web.com\/node\/40791\/html\">Erie Insurance<\/a>, <a href=\"https:\/\/www.phly.com\/\">Philadelphia Insurance Companies<\/a> and Aflac were all hit in a five-day period, in that order, starting June 7. Erie Insurance and Philadelphia Insurance Companies, a subsidiary of Tokio Marine Holdings, experienced network outages and business disruption as a result of the attacks while recovery efforts remain ongoing.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>A source familiar with the incident said Aflac doesn\u2019t know if Scattered Spider was responsible because the attackers did not identify themselves, but the characteristics of the attack are certainly consistent with the financially motivated threat group.<\/p>\n<p>Aflac did not immediately respond to a request for comment. <\/p>\n<p>\u201cThis attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry,\u201d the company said in a <a href=\"https:\/\/www.prnewswire.com\/news-releases\/aflac-incorporated-discloses-cybersecurity-incident-302487036.html\">news release<\/a> Friday. <\/p>\n<p>\u201cWhile the investigation remains in its early stages, in the spirit of transparency and care for our customers, we are sharing that our preliminary findings indicate that the unauthorized party used social engineering tactics to gain access to our network.\u201d<\/p>\n<p>The company said a review of potentially impacted files \u2014 including claims information, health information, Social Security numbers and other personal information \u2014 is in the early stages.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Aflac and Erie Insurance both specifically indicated they\u2019ve seen no evidence of ransomware on their systems, but they didn\u2019t explain further. <\/p>\n<p>Ransomware, in the traditional sense, involves encrypted data but the term is also more colloquially used to describe all manner of attacks involving extortion attempts under threats to leak or sell stolen company data.<\/p>\n<p>Scattered Spider is an amorphous band of young English-speaking cybercriminals affiliated with the larger sprawling network known as <a href=\"https:\/\/cyberscoop.com\/the-com-subculture-infamy-crimes\/\">The Com<\/a>. Scattered Spider associates recently ran roughshod over U.K.- and U.S.-based retailers before pivoting, once again, to insurance companies.<\/p>\n<p>The ring of cybercriminals historically focus on one sector at a time, resulting in a wave of extortion attacks on companies in the same industry, which often use similar systems and processes. <\/p>\n<p>Google previously warned that Scattered Spider shifted its attention to U.S. retailers after the group hit multiple retailers and grocery stores in the U.K. in April. The pattern of recent activities attributed to Scattered Spider has been consistent.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe are now seeing incidents in the insurance industry,\u201d John Hultquist, chief analyst at Google Threat Intelligence Group, told CyberScoop on Monday. \u201cGiven this actor\u2019s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.9765100671141\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/aflac-cyberattack-insurance-sector-scattered-spider\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Aflac duped by social-engineering attack, marking another hit on insurance<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,78,3154,46,953,984,288],"tags":[286,86,3156,54,958,986,294],"class_list":["post-7746","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-cybersecurity","category-insurance","category-ransomware","category-scattered-spider","category-the-com","category-threats","tag-cybercrime","tag-cybersecurity","tag-insurance","tag-ransomware","tag-scattered-spider","tag-the-com","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/insurance\/\" rel=\"category tag\">insurance<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/scattered-spider\/\" rel=\"category tag\">Scattered Spider<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/the-com\/\" rel=\"category tag\">The Com<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7746"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7746\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7746,"date":"2025-06-20T10:50:16","date_gmt":"2025-06-20T15:50:16","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84948"},"modified":"2025-06-20T10:50:16","modified_gmt":"2025-06-20T15:50:16","slug":"aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/06\/20\/aflac-duped-by-social-engineering-attack-marking-another-hit-on-insurance-industry\/","title":{"rendered":"Aflac duped by social-engineering attack, marking another hit on insurance industry"},"content":{"rendered":"