Skip to main content
A man sees his private data publicly available online, prompting him to consider filing an AI lawsuit

Aflac Cyberattack Investigation | Class Action Data Breach Lawyers

Written by Joseph Lyon on . Posted in Data Breach.

The class action data breach lawyers at The Lyon Firm are investigating a recently reported cyberattack at Aflac and at least two other insurance companies that may have leaked the sensitive personal information of millions of individuals. Contact our attorneys to discuss taking legal action and to learn more about how to protect yourself following a data security incident. We represent clients in all fifty states and offer free consultations and case reviews.

What Happened at Aflac?

Aflac disclosed the recent cyberattack in a June 12, 2025, filing with the U.S. Securities and Exchange Commission (SEC), explaining it had initiated its cybersecurity incident response protocols. An Aflac spokesperson said the company’s review of the attack was in early stages and the nature and scope of the incident is not entirely known.

Aflac (American Family Life Assurance Company), is the largest supplemental insurance provider in the U.S. The company said the compromised data likely includes names, claims information, health information, Social Security numbers, and other personal information related to customers, beneficiaries, employees, agents, and other individuals in its U.S. business.

Google recently warned the group was aiming its sights on US firms, and urged US insurers to watch for social engineering and credential stuffing attacks. Earlier this week, Google’s chief threat analyst warned that the insurance industry should be on alert from attacks from Scattered Spider. The cybercrime group is thought to be behind recent outages at Aflac,  Philadelphia Insurance Companies (PHLY) and Erie Indemnity.

An Aflac spokesperson told Reuters that the characteristics of the incident were consistent with Scattered Spider, a hacking group that has a reputation for targeting multiple companies in a single industry at the same time. The group often scams help desks to reset credentials and bypass multi-factor authentication. In a press release, Aflac stated, “This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,” explained Aflac in a press release about the cybersecurity incident. “This was part of a cybercrime campaign against the insurance industry.”