Aflac Confirms Hackers Stole Data of 22.65 Million People in Massive Breach

U.S. insurance giant has confirmed that a disclosed in June compromised the personal data of people. The company, which initially withheld the number of victims, revealed the staggering scale of the breach in a recent filing with the Texas attorney general as it began notifying those affected.

According to the filing, the stolen data is exceptionally sensitive and goes far beyond typical personal identifiers. The compromised information includes customer names, dates of birth, home addresses, Social Security numbers, and driver's license numbers. It also includes other government-issued ID numbers, such as from passports and state ID cards, as well as medical and health insurance information. With a total customer base of around , according to its website, the breach has impacted nearly half of Aflac's clientele.

Aflac stated in a separate filing with the Iowa attorney general that the culprits "may be affiliated with a known cyber-criminal organization." The filing notes that federal law enforcement and third-party experts believe this group was specifically targeting the insurance industry at large.

Evidence suggests the group may be , a collective of young, English-speaking hackers known for targeting the insurance sector around the time of the breach. This incident was not isolated; other companies like Erie Insurance and Philadelphia Insurance Companies were also hacked in the same period. A spokesperson for Aflac did not respond to TechCrunch’s request for comment.