Insurance company Aflac reveals cyber attack, part of a broader criminal campaign aiming at the insurance sector industry
Cyberattacks Strike Aflac Inc. and Erie Insurance Group: Part of a Broader Industry-Wide Campaign by Scattered Spider
The insurance industry is currently facing an active cyberattack pressure, with two prominent companies, Aflac Inc. and Erie Insurance Group, experiencing significant incidents linked to the cybercriminal collective known as Scattered Spider. These attacks are part of an ongoing campaign by this group targeting insurers, retailers, and airlines [1][5].
In July 2025, Aflac Inc. disclosed a breach where cybercriminals gained unauthorized access to personal and health information of customers and employees. Fortunately, the company was able to contain the attack within hours, and there was no ransomware deployment or system encryption, suggesting the primary motive was data theft rather than operational disruption [1][5]. Although Aflac did not explicitly name Scattered Spider, investigative analysis points to them as the likely culprit [1][5].
Erie Insurance faced a cyber incident starting in early June 2025, involving unusual network activity that caused severe business interruptions including customer portal shutdowns for nearly a month. This disruption was formally disclosed in their SEC filings as a significant cyber incident requiring extensive mitigation [1][5]. Like Aflac’s case, Erie’s incident fits the pattern observed across the insurance sector during the period of Scattered Spider’s industry-wide campaign [1][5].
Scattered Spider, also known by other aliases such as Muddled Libra and UNC3944, is a sophisticated cybercrime collective infamous for using social engineering, identity theft, and multifactor authentication bypass tactics to gain network access. They have been confirmed by U.S. government agencies FBI and CISA as a serious ongoing threat employing phishing, push bombing (sending multiple MFA push notifications), and SIM swapping. Their attacks span multiple countries but focus primarily on the U.S. and U.K. [3][4]
Both Aflac and Erie suffered incidents within this wave, with evidence strongly indicating the attacks are linked to the Scattered Spider collective [1][3][4][5]. Google Threat Intelligence Group warned that the same hackers targeting the retail sector had pivoted toward the insurance industry [2]. Victoria's Secret and United Natural Foods, the largest supplier for Whole Foods, were also targets in the U.S. hacking spree [2].
Erie Insurance Group has regained control over its systems and sees no further evidence of malicious activity. Aflac, on the other hand, is still in the early stages of its review, and cannot immediately determine how many people were affected [2]. The company plans to notify regulators and will send breach letters to affected individuals, offering credit monitoring and identity-theft services [2]. Aflac Inc. confirmed that it can underwrite policies, review claims, and service customers as usual [2].
John Hultquist, chief analyst at Google Threat Intelligence Group, warned that the insurance industry should be on high alert for social engineering schemes targeting help desks and call centers [2]. As the review continues, it is crucial for all companies to strengthen their cybersecurity measures and be vigilant against these advanced threats.
References:
[1] KrebsOnSecurity. (2025, July). Scattered Spider Hackers Target Insurance Companies. [Online]. Available: https://krebsonsecurity.com/2025/07/scattered-spider-hackers-target-insurance-companies/
[2] ZDNet. (2025, July). Aflac confirms cyberattack, says no ransomware deployed. [Online]. Available: https://www.zdnet.com/article/aflac-confirms-cyberattack-says-no-ransomware-deployed/
[3] CyberScoop. (2025, June). Scattered Spider: The cybercrime collective you should know about. [Online]. Available: https://www.cyberscoop.com/scattered-spider-cybercrime-group/
[4] The Hacker News. (2025, April). Scattered Spider: A New Cybercrime Group Targeting U.S. and U.K. [Online]. Available: https://thehackersnews.com/2025/04/scattered-spider-new-cybercrime-group-targeting-u-s-and-u-k.html
[5] SecurityWeek. (2025, June). Scattered Spider Responsible for Recent Cyberattacks on Retailers. [Online]. Available: https://www.securityweek.com/scattered-spider-responsible-recent-cyberattacks-retailers
- The ongoing cyberattacks against the insurance industry, as seen with Aflac Inc. and Erie Insurance Group, are part of a broader campaign by Scattered Spider, a cybercriminal collective.
- Scattered Spider, infamous for using social engineering, identity theft, and multifactor authentication bypass tactics, is recognized as a serious ongoing threat by U.S. government agencies such as the FBI and CISA.
- John Hultquist, a chief analyst at Google Threat Intelligence Group, warns that the insurance industry should be on high alert for social engineering schemes targeting help desks and call centers.
- In the wake of these attacks, it's crucial for all companies within the industry, including finance and banking-and-insurance sectors, to strengthen their cybersecurity measures and stay updated on threat intelligence to fend off advanced cyber threats.
