Social Security numbers may be compromised after Aflac breach

The insurance company stopped a cybersecurity breach last week after noticing suspicious activity on its U.S. network, according to a Friday statement from Aflac. The company said it was reviewing potentially impacted files containing health information, Social Security numbers, and other personal information tied to customers, beneficiaries, and other individuals associated with the U.S. business. The hack was shut down hours after it started on June 12, the company said. None of Aflac’s systems were affected by ransomware and all business remains operational, according to the statement. It's too early in the investigation to determine the total number of people impacted, Aflac said. Any concerned individuals can contact the company to obtain two years of free monitoring of credit and healthcare information, as well as identify theft protection.

A preliminary investigation suggests that an unauthorized party used social engineering tactics to hack the company’s network, the company said. Social engineering cyberattacks occur when hackers trick individuals into visiting websites, downloading attachments, or sharing information that will compromise a network’s security, according to IBM. The tactic focuses on manipulating the human nature of employees to receive network access rather than trying to break through cybersecurity controls like firewalls or antivirus software. Aflac described the attackers as a sophisticated cyber group taking part in a cybercrime campaign against the insurance industry.

Wait, how many other insurance companies have been targeted? Erie Insurance suffered a cyberattack on June 7, triggering a days-long network outage, according to company statements. Even the most well-protected companies are falling prey to these increasingly sophisticated attacks, Erie said in a Tuesday update. The company insisted it had complete control of its systems and saw no evidence of ransomware damage or other ongoing threats. On June 10, Philadelphia Insurance Companies shut down its network in order to contain a cyberattack. It took the company days to restore limited services to customers, according to its outage updates. Both companies are conducting forensic investigations with law enforcement.

Dig deeper: Listen to Mary Reichard’s reporting on The World and Everything in It about companies struggling to stay one step ahead of hackers.