# Aflac Hackers Breach Data of 22.65M Users
In a major cybersecurity blow to the insurance industry, Aflac Incorporated has confirmed that hackers breached its U.S. network in June 2025, exposing sensitive personal data of 22.65 million individuals, including Social Security numbers, health information, and claims details.[1][4][6] The company detected the intrusion on June 12 and swiftly contained it, but the scale of the Aflac data breach has sparked investigations, free credit monitoring offers, and concerns over rising cyber threats targeting insurers.[2][3]
Details of the Aflac Cybersecurity Incident
Aflac identified suspicious activity on its U.S. network on June 12, 2025, promptly activating incident response protocols and halting the breach within hours, with no ransomware impact reported.[1][3] Attackers, linked to the sophisticated cybercrime group Scattered Spider, employed social engineering tactics to gain access, a method increasingly common in insurance sector attacks.[1][3] Third-party cybersecurity experts assisted in the response, securing accounts, resetting passwords, and monitoring for fraud, though no misuse of stolen data has been detected to date.[1]
The compromised files included claims information, health records, Social Security numbers, and other personal details affecting customers, beneficiaries, employees, agents, and employer customers.[1][3][7] Aflac's detailed file review pinpointed 22.65 million individuals as impacted, leading to notifications and remedial actions like extended premium grace periods.[3][4][6]
Aflac's Response and Support for Affected Users
Aflac has launched a dedicated call center at 1-855-361-0305 for affected individuals, offering 24 months of free credit monitoring, identity theft protection, and Medical Shield services.[1] The company is notifying those impacted and continues vigilant monitoring for fraudulent activity.[1][6] This rapid response minimized operational disruptions, but experts note it highlights vulnerabilities in third-party vendor security and supply chain risks, as 59% of 2025 insurance breaches involved such elements.[3]
Law firms like Migliaccio & Rathod LLP have initiated data breach investigations on behalf of the 22.65 million affected, potentially paving the way for class-action lawsuits over negligence claims.[2]
Broader Implications for the Insurance Industry
The Aflac hack underscores escalating cyber risks in insurance, where AI-powered phishing, business email compromise (BEC), and ransomware now dominate, accounting for 60% of Q3 2025 cyber insurance claims.[3] Historical precedents like Anthem's 2014 breach, costing $260 million, illustrate long-term reputational and operational damages, with average incident costs hitting $6.08 million.[3] Industry-wide, third-party exploits—like those in the Allianz Life incident via Salesforce CRM—signal the need for enhanced SSO, SAML, OIDC, and AI defenses to protect sensitive policyholder data.[1][3]
As cybercrime groups like Scattered Spider target insurers, the sector faces heightened scrutiny on preparedness, potentially driving regulatory changes and increased cyber insurance premiums.[3]
Frequently Asked Questions
What data was exposed in the Aflac data breach?
The breach compromised **claims information, health records, Social Security numbers**, and other personal details for about 22.65 million customers, beneficiaries, employees, agents, and employer customers.[1][3][7]
When did the Aflac cybersecurity incident occur?
Aflac detected the unauthorized access on **June 12, 2025**, and contained it within hours using incident response protocols.[1][3]
What is Aflac offering affected individuals?
Free **24 months of credit monitoring, identity theft protection, and Medical Shield** are available by calling the dedicated line at **1-855-361-0305**.[1]
Who is behind the Aflac hack?
The attack is attributed to **Scattered Spider**, a cybercrime group using **social engineering** tactics targeting the insurance industry.[1][3]
Has there been any fraudulent use of the stolen Aflac data?
To date, Aflac reports **no known fraudulent activity** from the breached information, with ongoing monitoring in place.[1]
Are there investigations into the Aflac breach?
Yes, firms like **Migliaccio & Rathod LLP** are investigating potential class actions for the 22.65 million impacted individuals.[2]
🔄 Updated: 12/23/2025, 5:30:33 PM
**Aflac has confirmed that hackers stole personal data of approximately 22.65 million individuals during a June 2025 cyberattack, with the breach likely linked to Scattered Spider, a cybercriminal group targeting the insurance industry at large.[3]** The incident, which compromised names, Social Security numbers, health information, and government-issued IDs, positions Aflac among multiple insurers breached simultaneously—including Erie Insurance and Philadelphia Insurance Companies—signaling an industry-wide vulnerability that may shift competitive dynamics as customers reassess their providers' security posture.[3] According to analysis, 59% of 2025 insurance breaches involved third-party vendors, and AI
🔄 Updated: 12/23/2025, 5:40:28 PM
**Aflac's June 2025 breach of 22.65 million individuals has exposed critical vulnerabilities in the insurance sector's supply chain security, with cybersecurity experts attributing the attack to the sophisticated threat group Scattered Spider using social engineering tactics.[3]** The incident underscores a broader industry crisis: 59% of 2025 insurance breaches involved third-party vendors, and cyber incidents are triggering substantial operational costs averaging $6.08 million while creating lasting reputational damage comparable to Anthem's $260 million 2014 breach.[3] Experts warn that AI-powered attacks are reshaping the threat landscape, with 60% of cyber insurance claims in Q
🔄 Updated: 12/23/2025, 5:50:26 PM
**Senate Demands Answers on Aflac Breach.** U.S. Senators have demanded detailed responses from Aflac by September 5, 2025, regarding the June 2025 cyberattack that exposed personal and protected health information of **22.65 million individuals**, seeking specifics on pre-breach security measures, notifications to federal agencies, and reporting beyond HIPAA requirements.[1][2] Aflac reported the breach to the HHS Office for Civil Rights on August 8, 2025, using a placeholder of 500 affected individuals pending full review, and recently filed with the Texas and Iowa attorneys general detailing stolen data like Social Security numbers and medical information.[1][6]
🔄 Updated: 12/23/2025, 6:00:29 PM
**Cybersecurity experts link Aflac's June 2025 breach—exposing data of 22.65 million individuals including Social Security numbers and health records—to the sophisticated Scattered Spider group, which used social engineering to target insurance firms via third-party vendors.** Industry analysis from AInvest reveals that 59% of 2025 insurance breaches involved such vendors, with AI-powered attacks like advanced phishing driving 60% of Q3 cyber claims, averaging $6.08 million in operational costs per incident.[3] "The incident underscores broader vulnerabilities in the insurance ecosystem," experts note, warning of lingering reputational risks akin to Anthem's $260M fallout from its 2014 breach.[3]
🔄 Updated: 12/23/2025, 6:10:25 PM
**Cybersecurity experts analyzing the Aflac breach, which exposed personal data of 22.65 million individuals including Social Security numbers and health information via social engineering on June 12, 2025, warn of heightened identity theft risks.** "All of the information stolen is likely valuable and dangerous to affected victims," states Migliaccio & Rathod LLP, noting past incidents led to fraudulent charges, unauthorized credit applications, and dark web postings[3]. Industry observers emphasize the targeting of the insurance sector by sophisticated groups, urging firms to bolster defenses against such tactics amid no reported fraudulent use to date[1][2].
🔄 Updated: 12/23/2025, 6:20:24 PM
I cannot provide a news update on consumer and public reaction to the Aflac breach because the search results contain no information about how consumers or the public have responded to this incident. The available sources focus on the breach details—including the June 12, 2025 detection date, the 22.65 million individuals affected, and the types of data compromised (names, contact information, Social Security numbers, health information, and claims data)[1][2]—but do not include any quotes, statements, or documented reactions from affected consumers, industry analysts, or public responses. To write an accurate news update on this angle, you would need sources that capture consumer sentiment, complaint filings, or public commentary about the breach.
🔄 Updated: 12/23/2025, 6:30:26 PM
**Breaking: Aflac hackers exploited suspicious network activity detected on June 12, 2025, breaching systems and extracting sensitive data including names, contact details, claims information, health records, and Social Security numbers from 22.65 million individuals—primarily agents, employer customers, and coverage beneficiaries.[1][2][3]** Technical analysis reveals the unauthorized actor accessed Aflac's core systems without specified breach vector details, prompting a full file review completed by September 18, 2025, with notifications now underway amid risks of identity theft, fraudulent charges, dark web sales, and spam surges.[1][4] Implications include urgent needs for 2FA activation, password changes, and financial monitoring, as stolen healt
🔄 Updated: 12/23/2025, 6:40:25 PM
**LIVE NEWS UPDATE: Aflac Hackers Breach Data of 22.65M Users**
The June 12, 2025, Aflac cyberattack, linked to a sophisticated cybercrime group using social engineering, exposed sensitive data like Social Security numbers and health information for 22.65 million individuals—primarily U.S. customers, agents, and beneficiaries—prompting global cybersecurity alerts over risks of identity theft and dark web sales.[1][2][5] Internationally, firms like Japan's SSOJet urged enhanced SSO defenses against similar insurance-targeted threats, while no official responses emerged from foreign governments despite Aflac's operations in Asia.[1] Aflac is providing 24-month free credi
🔄 Updated: 12/23/2025, 6:50:25 PM
**Aflac confirms massive data breach affecting 22.65 million individuals**
Aflac identified suspicious network activity on June 12, 2025, and subsequently determined that an unauthorized actor obtained personal information including names, contact details, Social Security numbers, health records, and claims data from approximately 22.65 million individuals—spanning agents, employer customers, and coverage beneficiaries[1][2]. The compromised data poses significant identity theft risks, with affected victims potentially facing fraudulent financial charges, unauthorized credit applications, and medical identity fraud, while Aflac began notifying impacted individuals on December 19, 2025[1][4].