Aflac, the insurance giant, reported a significant data breach affecting approximately 22.65 million individuals. The breach occurred in June 2025, with Aflac first noticing suspicious activity on June 12. The company attributed the intrusion to a sophisticated cybercrime group but did not specify which one. They quickly contained the attack, ensuring that their operations remained intact as no ransomware was deployed. By late December, Aflac had completed its investigation and began notifying those affected. The stolen data includes sensitive personal information: names, addresses, Social Security numbers, dates of birth, driver's license numbers, and health insurance details. Aflac stated that the breach involved information related to customers, beneficiaries, employees, and agents. To mitigate potential fallout, the company is offering 24 months of free credit monitoring and identity theft protection services to those impacted. Aflac has not reported any misuse of the stolen data but has urged affected individuals to stay vigilant against identity theft. While Aflac did not name the threat actor, they hinted at a broader trend of attacks targeting the insurance sector, possibly linked to the Scattered Spider hacking group, which had been warned about by Google’s Threat Intelligence Group around the same time. This incident highlights ongoing vulnerabilities in the insurance industry and the persistent threat of cyberattacks targeting sensitive personal information.