This Aflac Data Breach Compromised an Unknown Number of Accounts
An unknown number of policyholders may have had their sensitive information stolen in the attack.
BigThink
Customers who have insurance through Aflac may have had their data stolen. Earlier this month, the company experienced a cyber attack that compromised personal information belonging to an unknown number of its approximately 50 million policyholders.
Aflac is just the latest in a string of insurance and healthcare companies targeted by cyber actors. The group believed to be behind this incident is also reportedly responsible for recent hacks at Philadelphia Insurance Companies and Erie Indemnity. In the last year or so, major breaches have also been reported at Landmark Admin and Blue Shield of California, among others.
How the Aflac data leak happened
Aflac hasn't disclosed many specifics of the cyber incident, which occurred on June 12, other than to say that the "unauthorized party" utilized social engineering to hack into the company's network. These tactics may have included scamming help desks to reset login credentials and bypass multifactor authentication, according to a security expert interviewed by Reuters.
Aflac has said that the attack lasted several hours and did not involve ransomware. The compromised data may have included claim information, health information, Social Security numbers, and other "personal information" belonging to Aflac customers, beneficiaries, agents, and employees.
What to do if your data was compromised
As Aflac has not determined how many customers were affected by the breach, the company does not appear to be notifying individuals directly at this time. However, if you are an Aflac policyholder, you can contact the company's call center to receive 24 months of free credit monitoring, identity theft protection, and Medical Shield, which specifically focuses on medical and healthcare data that may be at risk of exposure or fraud. According to Aflac's press release describing the incident, any customer who calls is eligible for these services.
What do you think so far?
The call center is open Monday to Friday from 9 a.m. to 9 p.m. ET, Saturday from 9 a.m. to 5:30 p.m. ET, and Sunday from 10 a.m. to 4 p.m. ET through the end of June (so you should call ASAP). The number is 855-361-0305.
Otherwise, the usual precautions following a data breach apply: Keep an eye on your credit report (request a free copy each week) and financial statements—whether you have credit monitoring and identity theft protection set up or not—for signs of unusual activity. You can go ahead and freeze your credit and place a fraud alert on your file.
Be wary of unsolicited communication that could be phishing attempts, and never click links, open attachments, or engage in any way with texts, emails, or phone calls from anyone you don't know. You should also proceed with caution if you receive any messages or notices specifically related to your Aflac account: never provide sensitive information to anyone who contacts you out of the blue, and always go directly to the website to log in or access your information.
