tl;dr
A sophisticated hacking group known as Scattered Spider has reportedly breached American insurance company Aflac, potentially exposing customers' personal information, including Social Security numbers and health data. The group, believed to consist mainly of young adults in the US and UK, is known ...
Hackers from the sophisticated group known as Scattered Spider have breached Aflac's US network, potentially exposing sensitive customer information, including Social Security numbers and health data. This insurance company, which serves around 50 million users in the US and Japan, is still investigating the scope of the breach and has not revealed the number of affected customers.
Scattered Spider, also identified as “UNC3944,” is primarily composed of young adults based in the US and UK. The group is notorious for leveraging social engineering techniques, such as manipulating help desks to reset credentials and bypass multi-factor authentication. Their expertise in SIM swapping—taking control of victims' mobile phone plans to intercept two-factor authentication codes—makes their attacks particularly dangerous.
This hacking collective has a history of high-profile breaches targeting major corporations like Visa, Marks & Spencer, and PNC Financial Services. One prominent member, Noah Michael Urban, was recently ordered to repay $13.2 million to victims after orchestrating a massive SIM swapping scheme and faces up to 20 years in prison for wire fraud charges.
Aflac has acknowledged the breach but remains cautious as it continues its investigation, highlighting the challenges companies face in protecting customer data against increasingly sophisticated cyber threats. This incident serves as a stark reminder of the evolving tactics hackers use to infiltrate systems and the critical importance of robust cybersecurity measures.