Aflac Cyberattack Shows Signs of Scattered Spider Involvement

Breach Contained Quickly, But Sensitive Data May Be Exposed

U.S. insurance giant Aflac has confirmed a cybersecurity incident affecting internal systems. The company clarified that no ransomware was involved and customer operations remained stable. However, an investigation revealed that personally identifiable information (PII) may have been compromised.

The exposed data could include social security numbers, health details, claims records, and employment information. Aflac responded within hours of detecting the intrusion and engaged external cybersecurity experts to assist with containment and forensics.

Despite the quick response, the company filed a disclosure with the U.S. Securities and Exchange Commission (SEC) indicating that the breach’s full impact is still under review.

Scattered Spider Suspected in Rising Threat to Insurance Sector

While Aflac has not officially named the group behind the attack, cybersecurity analysts believe the methods resemble those used by Scattered Spider (also known as UNC3944, Muddled Libra, and 0ktapus). This advanced group is known for MFA fatigue attacks, phishing campaigns, and impersonation techniques.

Scattered Spider has targeted major organizations like MGM Resorts, DoorDash, and Reddit, and frequently partners with ransomware affiliates such as BlackCat and RansomHub. Their shift toward targeting insurers, including recent breaches at Philadelphia Insurance and Erie Insurance, points to an industry-wide threat.

Eye World urges insurance and financial firms to enhance staff awareness, adopt strict access controls, and implement continuous threat monitoring to combat these advanced persistent threats.