INSURASALES
INSURANEWS Logo
Top Stories
Life
Health
Medicare
Property & Casualty
Annuity
Industry

Aflac Cybersecurity Breach: A Critical Reminder for Insurance Industry

Share:

A cybersecurity incident at Aflac Inc., a key player in the insurance industry headquartered in Columbus, Georgia, potentially compromised the personal data of approximately 22.65 million individuals. The breach involved unauthorized access to sensitive details like names, contact information, claims, and health records, as well as Social Security numbers, underscoring the critical need for enhanced regulatory compliance requirements across the sector.

In early June, Aflac, renowned for providing supplemental health insurance, detected unusual activity within its U.S. operations networks. The company swiftly halted the breach within a few hours, demonstrating efficient risk management. While Aflac has assured no fraudulent use of the compromised data has been reported so far, it remains vigilant, collaborating with external partners to monitor for any suspicious activities that could affect both payers and providers.

To mitigate potential impacts, Aflac is extending complimentary services such as credit monitoring, identity theft protection, and health fraud protection for two years. Attributing the breach to an advanced cybercrime group targeting the insurance industry, other carriers like Allianz Life, Erie Insurance, and Philadelphia Insurance Companies reportedly faced similar incidents during the same period, highlighting a troubling trend for underwriters.

The breach, discovered on June 12, was facilitated by social engineering methods. In response, Aflac now faces approximately two dozen proposed class action lawsuits, consolidated under a federal judge in Columbus. The company must address allegations of inadequate protection of customer information and delayed communication regarding the breach by mid-March, a stark reminder of regulatory compliance expectations.

While Aflac has not commented on the ongoing litigation, this incident highlights the insurance industry's growing vulnerability to sophisticated cyber threats. It emphasizes the need for robust cybersecurity measures to protect sensitive client information from unauthorized access and claims of inadequate protective measures.