91³Ô¹ÏÍø

Watch CBS News
MoneyWatch

Aflac says hackers may have stolen customers' claims info, including Social Security numbers

By
Mary Cunningham
Reporter, MoneyWatch
Mary Cunningham is a reporter for CBS MoneyWatch. She previously worked at "60 Minutes," CBSNews.com and CBS News 24/7 as part of the CBS News Associate Program.
Read Full Bio
Mary Cunningham

/ CBS News

Aflac on Friday said hackers have gained access to its customers personal information in a cybersecurity attack last week.

The company, which provides millions of customers with accident, life and health insurance policies, confirmed the June 12 incident in a on Friday, saying it was committed by a "sophisticated cybercrime group" that used "social engineering tactics" to gain access to its network. 

While Aflac said it's unable to determine how many people have been affected as of yet, it noted that claims information, health information, Social Security numbers and other personal information were possibly compromised.

The insurer said it stopped the intrusion after identifying suspicious activity on its U.S. network and that its systems were not affected by ransomeware. "We promptly initiated our cyber incident response protocols and stopped the intrusion within hours," the company said.

Aflac is the latest company to be targeted in a recent wave of cybersecurity attacks, which have grown more advanced in recent years. Two insurers,  and , announced their networks were hacked earlier this month. "This was part of a cybercrime campaign against the insurance industry," Aflac wrote on Friday.

Hackers over the years have expanded their target list to include cities and municipalities, hospitals, hotels and casinos, as reported by CBS News' 60 Minutes. Last year, a cyberattack on UnitedHealth Group cost providers an estimated $100 million a day.

Aflac said it launched an investigation led by third-party cybersecurity experts and is reviewing "potentially impacted files." In the meantime, it is offering customers free credit monitoring and identity theft protection, and Medical Shield for 24 months. 

Aflac's business remains operational, the company confirmed. "We continue to serve our customers as we respond to this incident and can underwrite policies, review claims and otherwise service our customers as usual," the company said.

Consumers interested in additional information on the hack, can call Aflac's dedicated call center at 1-855-361-0305, Monday through Friday from 9 a.m. – 9 p.m. EST, Saturday from 9 a.m. – 5:30 p.m. and Sundays from 10 a.m. – 4 p.m. The call center will be available until the end of June.

Edited by Anne Marie D. Lee

In:

© 2025 91³Ô¹ÏÍø. All Rights Reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue
const link = doc.createElement('link'); link.rel = 'stylesheet'; link.href = '/fly/fly/bundles/cbsnewscontent/css/cmp-banner.min.css?v=50747257b890e014813016b79ece0fb2'; doc.head.appendChild(link); doc.body.innerHTML = CONSENT_MESSAGE; } else { el.insertAdjacentHTML('afterend', CONSENT_MESSAGE); } }); } function hidePrivacyMessage() { // Remove from the main document document.querySelectorAll(`.${CONSENT_MESSAGE_CLASS}`).forEach(el => el.remove()); // Remove from inside any iframes document.querySelectorAll('iframe').forEach(iframe => { const doc = iframe.contentDocument || iframe.contentWindow.document; doc.querySelectorAll(`.${CONSENT_MESSAGE_CLASS}`).forEach(el => el.remove()); }); } function activateGatedScripts() { // Handle both new format (cmp-gated-script) and old OneTrust/Ketch format (optanon-category-4) const gatedScripts = Array.from(document.querySelectorAll('script.cmp-gated-script, script.optanon-category-4')); // Activate scripts sequentially with a small delay to avoid timing issues let delay = 0; gatedScripts.forEach(function(placeholder, index) { setTimeout(function() { // Skip if already processed if (placeholder.hasAttribute('data-cmp-processed')) { return; } placeholder.setAttribute('data-cmp-processed', 'true'); const newScript = document.createElement('script'); newScript.type = 'text/javascript'; // Try new format first (data-cmp-src), then fall back to old format (data-src) const src = placeholder.getAttribute('data-cmp-src') || placeholder.getAttribute('data-src'); if (src) { newScript.src = src; } else if (placeholder.textContent) { // Inline script - just copy the content newScript.textContent = placeholder.textContent; } // Handle new format attributes (data-cmp-attrs) - for both inline and external scripts const attrs = placeholder.getAttribute('data-cmp-attrs'); if (attrs) { const tempDiv = document.createElement('div'); tempDiv.innerHTML = '
<\/div>'; const tempAttrs = tempDiv.firstChild.attributes; for (let i = 0; i < tempAttrs.length; i++) { // For external scripts, allow defer/async. For inline scripts, skip them (not valid) if (src || (tempAttrs[i].name !== 'async' && tempAttrs[i].name !== 'defer')) { newScript.setAttribute(tempAttrs[i].name, tempAttrs[i].value); } } } // Copy other attributes from old OneTrust format for (let i = 0; i < placeholder.attributes.length; i++) { const attr = placeholder.attributes[i]; // Skip attributes we've already handled or don't want to copy if (!['class', 'data-src', 'data-type', 'data-cmp-src', 'data-cmp-attrs', 'data-cmp-processed', 'type', 'async', 'defer', 'src'].includes(attr.name)) { newScript.setAttribute(attr.name, attr.value); } } placeholder.parentNode.replaceChild(newScript, placeholder); // If external script, manually trigger window.onload handlers after it loads // This handles widgets that use window.onload for initialization if (src) { newScript.addEventListener('load', function() { // If page already loaded and script set a new onload handler, trigger it if (document.readyState === 'complete' && window.onload) { const originalOnload = window.onload; window.onload = null; // Clear temporarily to prevent loops originalOnload(); // Execute the handler } }); } }, delay); delay += 500; // 500ms delay between each script to allow full loading }); } cbsoptanon.onScriptsReady(function(cmp) { cmp.ot.targetingAllowed(function(allowed) { if (!allowed) { showPrivacyMessage(); } else { activateGatedScripts(); } }); cmp.ot.awaitInitialConsent(function(consent_model) { cmp.ot.addOnConsentChangedHandler(function() { cmp.ot.targetingAllowed(function(allowed) { if (allowed) { hidePrivacyMessage(); activateGatedScripts(); } else { showPrivacyMessage(); } }); }); }); });