Michelle Chapman, AP Business Writer
AFLAC says it has identified suspicious activity in a US network that could call the incident portion of its cybercrime campaign against the insurance industry.
The company said Friday that the intrusion ceased within hours.
“We will continue to serve our customers as we respond to this incident, and will be able to undertake policies, review claims, and serve our customers as usual,” Aflac said in a statement.
The company said it was in the early stages of reviewing the case and so far it cannot determine the total number of individuals affected.
AFLAC Inc. said the potentially affected files include billing, health information, social security numbers and other personal information related to customers, beneficiaries, employees, agents and U.S. businesses.
Columbus, Georgia, said it will provide call center callers with free credit surveillance, identity theft protection and medical shields for 24 months.
Cyberattacks on businesses have been ramping for years, but a series of attacks on retailers have raised awareness of this issue as violations can affect customers.
United Natural Foods, a wholesaler supplying Whole Foods and other grocery stores, said earlier this month that violations of its system disrupt its ability to meet orders.
In the UK, consumers were unable to order from the Marks & Spencer website for more than six weeks. There are fewer options in the store after hackers targeted British clothing, homes and food retailers. A cyberattack by British grocery chain Co-op has also led to empty shelves in some stores.
A security breaches detected by Victoria’s Secret last month have led popular lingerie sellers to close US shopping sites for nearly four days and halt in-store services. Victoria’s Secret later revealed that its corporate system was also affected, and the company began to delay the release of its first quarter revenue.
The North Face said it discovered a “small credential stuffing attack” on its website in April. The company reported that credit card data is intact and said the incident that affected 1,500 consumers was “quickly locked up.”
Last month, adidas revealed that “fraudulent external parties” had obtained data, most of their contact information, through third-party customer service providers.
Original issue: June 20, 2025, 11:33am EDT
