(Bloomberg) --Aflac Inc. said a recent cybersecurity breach could have given intruders unauthorized access to customers' personal information, including Social Security numbers, as well as health and claims data.
The insurer also said Friday it contained the hack within hours of its discovery on June 12 and had hired cybersecurity experts to address the breach.
The company brought in CrowdStrike Holdings Inc., according to a person familiar with the matter, who requested anonymity because the information isn't public.
It's unclear how long the unauthorized activity on Aflac's network lasted before it was discovered. Aflac didn't immediately respond to a request for comment.
The company said determining the number of affected individuals will require a review of files but anticipated notifying regulators and individuals impacted by the incident. Affected customers will be offered free credit monitoring and identity theft protection services, Aflac said.
The insurer said its investigation so far indicates that intruders used social engineering tactics to gain access to the network but didn't demand a ransom.
The breach coincides with a wave of hacks on retail, insurance and health care companies.
"This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group," Aflac said in a separate statement. "This was part of a cybercrime campaign against the insurance industry."
Since the start of June, insurance providers Blue Shield of California, Lemonade and others reported data-security breaches, according to a listing of such incidents
On Monday, Google's cyber threat intelligence arm said it had become aware of multiple intrusions that bore the hallmark of a hacking group known as Scattered Spider. The group appeared to have moved from targeting retail businesses to insurance companies in recent days.
"Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert," said John Hultquist, chief analyst at the Google Threat Intelligence Group.
