Aflac notifies SEC of breach suspected to be work of Scattered Spider

On June 12, 2025, Aflac Incorporated, a Georgia corporation (the “Company”), identified unauthorized access to its network. The Company promptly initiated its cybersecurity incident response protocols and believes that it contained the intrusion within hours. The Company’s business remains operational, and its systems were not affected by ransomware. The Company continues to serve its policyholders as it responds to this incident and can underwrite policies, review claims, and otherwise service customers as usual. The Company has engaged leading third-party cybersecurity experts to support the Company’s response to the incident.

The Company has commenced a review of potentially impacted files. That review is in its early stages. The Company is unable to determine the total number of affected individuals until that review is completed. The potentially impacted files contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in its U.S. business. The Company anticipates notifying regulators and providing appropriate notifications to individuals affected by this incident. Individuals will be offered free credit monitoring and identity theft protection services.

At this time, the full scope and potential ultimate impact on the Company are not known.

To read the complete article see: Aflac notifies SEC of breach suspected to be work of Scattered Spider