Aflac—that large insurance company with the duck logo—just announced a significant cybersecurity breach. They noticed unusual activity in their system on June 12 and were able to shut it down within hours, thankfully. But here’s the catch: the breach potentially exposed sensitive information, including Social Security numbers, health claims, and other personal information.
This was not your average cyberattack. Aflac says they were hit by a highly sophisticated and well-documented gang that has been going after insurance companies lately. So if you or someone you know has Aflac, be on the lookout for this.
Read this later
Calendar quirk: The reason why there is no Social Security check in June
Big change at social security: what to know about the September 30, 2025 deadline
Good news for retirees: COLA predictions trend upwards for 2026
Goodbye to Medicare and Social Security: new go-broke dates released for key social programs
Why you should care
You may wonder, “Why do I care if they shut it off fast?” The issue is that even swift action won’t ensure all of your data is safe. Hackers don’t always have a lot of time to cause damage. And if Social Security numbers and health data had been exposed to hackers, this could result in identity theft, medical fraud, or fake email phishing.
Aflac is continuing to investigate, so they did not provide the total number of individuals impacted. But the indication that files involved would contain customer data, employees, agents, and even beneficiaries is a massive red flag.
How did the hackers get in?
The hackers used a technique called social engineering—getting individuals to give up access without realizing it. Sort of like when somebody calls your workplace pretending to be IT support and gets your password. Simple, but very effective. These tactics are becoming more popular and especially dangerous for industries that handle sensitive data like insurance and health care.
What Aflac is saying now
The company asserts that they have isolated the issue and declared that their business is not affected. That is, they still write policies, pay claims, and service customers.
They also released a statement that they’ll keep servicing their customers despite the attack. And they’re not alone in doing so—other firms such as Erie and Philadelphia Insurance have been hit with the same kinds of attacks in recent weeks. It is an allegedly hacktivist collective, Scattered Spider, that has been behind many of the recent attacks and targets companies by industry rather than department.
What you should do if you’re affected
Aflac is offering 24 months of free identity theft protection, credit monitoring, and a product called Medical Shield to those who are potentially affected. You can enroll by calling their special toll-free number at 1-855-361-0305. The lines are open seven days a week through the end of June.
It’s a smart move to take them up on this offer—even if you’re not sure your info was exposed. Better safe than sorry.
So yeah, this isn’t just another headline. If you’ve got any ties to Aflac, keep an eye on your email and credit reports. Cybercrime is no joke, and with personal info like Social Security numbers out there, staying ahead is your best defense.
