Having your sensitive data stolen in a cyberattack is bad enough, but imagine waiting six months just to find out about it. Well, that’s exactly what happened with a major data breach at the insurance giant Aflac.
As reported by Cybernews, after suffering a data breach back in June of this year, Aflac is now notifying 22.65 million individuals about the breach after completing its investigation into the matter. The incident occurred on June 12 when the Scattered Spider ransomware group managed to breach the company’s systems.
Here’s everything you need to know about this new data breach along with how to see if you’re affected and the steps you need to take right now to stay safe.
SSNs, health records and insurance info exposed
Back in June, Aflac put out a press release with some but not all of the details on this breach. While the insurance giant disclosed that it was hit by a cyberattack, it didn’t reveal who was responsible nor how many people were affected.
Now though, in a new update (PDF), Aflac has confirmed what data was stolen along with the fact that approximately 22,652,430 individuals — including its customers, their beneficiaries, and its employees and agents — are all impacted. Here is all of the data obtained by Scattered Spider in this breach:
- Full names
- Addresses
- Social Security numbers
- Dates of birth
- Driver’s license numbers
- Government ID numbers
- Health and medical insurance info
- Insurance claims data
It’s worth noting that the exposed data varies from person to person. While some impacted individuals may have just had their names and addresses exposed, others — like policyholders — may have had their Social Security numbers, medical insurance info, and more stolen.
The main reason it took Aflac this long to reveal the full extent of this breach is because of how varied this stolen data is. According to the company, it took six months to complete a file-by-file review to determine exactly whose sensitive information was in the hands of hackers.
How to stay safe after a major data breach
If you’re an Aflac customer or beneficiary, you’re going to want to keep a close eye on your mailbox. This is because the company is now sending out data breach notification letters to impacted individuals.
In addition to finding out exactly what data of yours was exposed, this letter is very important as Aflac is providing free access to one of the best identity theft protection services for 24 months. Impacted individuals can sign up for credit monitoring, identity theft protection, and medical fraud protection from CyEx Medical Shield. However, you’ll need your notification letter to redeem this offer, as it contains a unique activation code.
The final deadline to enroll in these services is April 18, 2026. You can activate your coverage by visiting aflacsecurityincident[.]com or by calling Aflac’s dedicated call center at 1-855-361-0305.
Besides taking advantage of this offer, you’re also going to want to be extra vigilant when checking your email, messages, and even your physical mailbox. Cybercriminals often use stolen data from a breach to launch targeted phishing attacks. By crafting messages using your actual personal info, hackers can easily convince you to give up even more data, like credit card numbers or account passwords.
Since these phishing messages can also contain malware, you should ensure your PC is protected with the best antivirus software. At the same time, you should strongly consider freezing your credit, as a cybercriminal can commit identity fraud if they have access to your Social Security number.
Getting wrapped up in a data breach can turn your life upside down. However, if you stay on top of things, exercise caution with unknown senders, and sign up for the free protection Aflac is offering, you can significantly lower your risk of falling victim to further scams or attacks.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
