This Aflac Data Breach Has Put an Unknown Number of Accounts at Risk
Aflac customers may have had their data stolen. Earlier this month, the company suffered a cyberattack that compromised personal data belonging to an unknown number of its roughly 50 million policyholders.
Aflac is just the latest in a string of insurance and health care companies to be targeted by cybercriminals. The group believed to be behind this incident is also reportedly responsible for recent hacks at Philadelphia Insurance Companies and Erie Indemnity. Over the past year or so, major breaches have also been reported at Landmark Admin and Blue Shield of California , among others.
How the Aflac Data Breach Happened
Aflac has not disclosed many details about the cyber incident, which occurred on June 12, except to say that an “unauthorized party” used social engineering to hack the company’s network. Those tactics could have included scamming customer service teams to reset credentials and bypass multi-factor authentication, according to a security expert interviewed by Reuters .
Aflac said the attack lasted several hours and was not ransomware-related. The compromised data may have included claims information, health information, Social Security numbers and other “personally identifiable information” belonging to Aflac customers, beneficiaries, agents and employees.
What to do if your data has been compromised
Since Aflac has not determined how many customers were affected by the breach, the company does not appear to be directly notifying people at this time. However, if you are an Aflac policyholder, you can contact the company’s call center to receive 24 months of free credit monitoring, identity theft protection, and Medical Shield, which specifically focuses on medical and health data that may be at risk of exposure or fraud. According to an Aflac press release describing the incident, any customer who calls is eligible for these services.
The call center is open Monday through Friday from 9:00 AM to 9:00 PM ET, Saturday from 9:00 AM to 5:30 PM ET, and Sunday from 10:00 AM to 4:00 PM ET through the end of June (so call as soon as possible). The phone number is 855-361-0305.
Otherwise, the usual precautions apply after a data breach: Monitor your credit report ( request a free copy every week ) and financial statements — whether you have credit monitoring and identity theft protection set up or not — for signs of unusual activity. You can go as far as freezing your credit and placing a fraud alert on your file.
Be wary of unsolicited communications that may be phishing attempts, and never click on links, open attachments, or interact in any way with text messages, emails, or phone calls from anyone you don’t know. You should also exercise caution if you receive any messages or notifications specifically related to your Aflac account: never provide sensitive information to anyone who contacts you out of the blue, and always go directly to the website to sign in or access your information.