US insurance giant Aflac says hackers stole 22.6 million personal and health data

In June, US insurance giant Aflac revealed data breach where hackers stole customers’ personal information, including Social Security numbers and health information, without saying how many victims were affected.

On Tuesday, the company confirmed that it had begun notifying approximately 22.65 million people whose data was stolen in the cyberattack.

In a filing with the Texas Attorney General, Aflac said the stolen data includes customers’ names, dates of birth, home addresses, government-issued identification numbers (such as passports and state ID cards) and driver’s license numbers, as well as Social Security numbers, as well as medical and health insurance information.

And, in a folder Along with the Iowa Attorney General, Aflac said the cybercriminals responsible for the breach “may be affiliated with a known cybercriminal organization; “Federal law enforcement and third-party cybersecurity experts have indicated that this group may have targeted the insurance industry as a whole.”

Given that Scattered Spider, an amorphous collective comprised primarily of young, English-speaking hackers, was targeting the insurance industry at the time of the breach, it’s likely that this is the group Aflac is referring to.

An Aflac spokesperson did not respond to TechCrunch’s request for comment.

The company claims to have around 50 million customers according to its official website.

Aflac was one of several insurance companies hacked around the same time, including data breaches at Erie Insurance And Philadelphia Insurance Companies.