On June 12, 2025, Aflac insurance company’s US network was compromised via social engineering. The attack is attributed to Scattered Spider, a financially motivated English-speaking group known for vishing attacks against IT help desks. The intrusion was detected and contained within hours, preventing ransomware deployment. At least 22.65 million individuals had personal and health data stolen, including names, SSNs, dates of birth, health records, government-issued IDs, and driver’s license details. Aflac stated the attack was part of a broader ‘campaign against the insurance industry.’ HHS OCR breach report listed 13.9 million PHI records. Described as part of a wave of insurance sector social engineering attacks also targeting Allianz Life. No ransom paid.