Aflac(US:AFL) PYMNTS.com·2025-12-23 22:57Core Insights - Aflac reported that a cybersecurity incident impacted personal information associated with 22.65 million individuals within its U.S. business [1][6] Group 1: Incident Details - The company identified suspicious activity on its U.S. network in June, initiated cyber incident response protocols, and stopped the intrusion within hours [4] - Aflac's systems were not affected by ransomware, and its business operations remained intact during the incident [4] - The review of potentially impacted files revealed that the information included names, contact information, claims information, health information, Social Security numbers, and other personal data [7] Group 2: Response Measures - Following the detection of the security incident, Aflac secured potentially impacted accounts, reset passwords, and monitored for suspicious activity [3] - The company provided customers with credit monitoring, identity theft protection, and medical fraud protection early in its response to the incident [8] - Aflac began notifying individuals affected by the incident as part of its response strategy [3][6] Group 3: Industry Context - Aflac indicated that the attack was part of a broader cybercrime campaign targeting the insurance industry, attributed to a sophisticated cybercrime group [5] - According to the FBI's Internet Crime Complaint Center (IC3), personal data breaches were among the top three types of cybercrime reported by victims in 2024 [8] - Data breaches were also identified as one of the top two most reported cyber threats among critical infrastructure organizations, as per IC3's "Internet Crime Report 2024" [9]