Insurance giant Aflac is notifying approximately 22.65 million people that their personal information—including Social Security numbers, driver’s license numbers, and medical insurance data—was stolen in a sophisticated cyberattack. The breach originated in June 2025 but the full scope was only recently finalized following a detailed forensic investigation.
Business Impact
For your financial and insurance clients in Bahrain, this is a wake-up call regarding “Long-Tail” breach discovery. The reputational damage and the cost of 24 months of free credit monitoring for 22 million people will be astronomical. It also highlights the insurance industry as a high-value target for groups like ‘Scattered Spider’.
Why It Happened
The attack was part of a broader campaign against the insurance sector. While file-encrypting ransomware was not deployed, the attackers focused on silent data exfiltration, likely bypassing traditional detection by focusing on privileged account compromise rather than malware execution.
Recommended Executive Action
Mandate a “Data Inventory Audit” to identify exactly where SSNs and ID numbers are stored. Implement strict egress filtering and data loss prevention (DLP) tools to flag large-scale unusual data movements to unauthorized external endpoints.
Hashtags: #Aflac #DataBreach #InsuranceSecurity #ScatteredSpider #IdentityTheft #CyberSecurity #InfoSec