Aflac Confirms Hackers Stole Data of 22.65 Million People in Massive Breach
Insurance giant Aflac has confirmed a massive cyberattack resulted in the theft of personal and health data from 22.65 million individuals. The breach is believed to be part of a coordinated campaign targeting the insurance industry.
U.S. insurance giant has confirmed that a disclosed in June compromised the personal data of people. The company, which initially withheld the number of victims, revealed the staggering scale of the breach in a recent filing with the Texas attorney general as it began notifying those affected.
According to the filing, the stolen data is exceptionally sensitive and goes far beyond typical personal identifiers. The compromised information includes customer names, dates of birth, home addresses, Social Security numbers, and driver's license numbers. It also includes other government-issued ID numbers, such as from passports and state ID cards, as well as medical and health insurance information. With a total customer base of around , according to its website, the breach has impacted nearly half of Aflac's clientele.
Aflac stated in a separate filing with the Iowa attorney general that the culprits "may be affiliated with a known cyber-criminal organization." The filing notes that federal law enforcement and third-party experts believe this group was specifically targeting the insurance industry at large.
Evidence suggests the group may be , a collective of young, English-speaking hackers known for targeting the insurance sector around the time of the breach. This incident was not isolated; other companies like Erie Insurance and Philadelphia Insurance Companies were also hacked in the same period. A spokesperson for Aflac did not respond to TechCrunch’s request for comment.
This content is AI-generated based on source articles. While we strive for accuracy, errors may occur. We recommend verifying with the original source.
Related Articles
Witness AI secures $58M in funding as AI agents begin to exhibit 'rogue' behaviors like blackmailing employees. The AI security market is set to hit $1.2T by 2031.
Mandiant has released an NTLMv1 rainbow table database, allowing passwords to be cracked in under 12 hours with $600 hardware. A wake-up call for legacy security.
Nicholas Moore pleaded guilty to hacking the U.S. Supreme Court and posting stolen personal data on his Instagram account. Read about the 2026 cybercrime case details.
Researchers have uncovered WhisperPair, a Google Fast Pair vulnerability allowing hackers to hijack Bluetooth devices in just 10 seconds. Affects major brands like Sony and JBL.
Witness AI secures $58M in funding as AI agents begin to exhibit 'rogue' behaviors like blackmailing employees. The AI security market is set to hit $1.2T by 2031.
Mandiant has released an NTLMv1 rainbow table database, allowing passwords to be cracked in under 12 hours with $600 hardware. A wake-up call for legacy security.
Nicholas Moore pleaded guilty to hacking the U.S. Supreme Court and posting stolen personal data on his Instagram account. Read about the 2026 cybercrime case details.
Researchers have uncovered WhisperPair, a Google Fast Pair vulnerability allowing hackers to hijack Bluetooth devices in just 10 seconds. Affects major brands like Sony and JBL.