A sophisticated hacking group has reportedly compromised American insurance company Aflac, putting customers’ personal information at risk.
The company is investigating a breach on its US network with characteristics consistent with the hacking collective known as the Scattered Spider, Reuters reports.
-->The group, sometimes referred to as “UNC3944,” is believed to be mostly made up of young adults and based in the US and the UK. It’s known to have made several other high-profile breaches targeting Visa, Marks & Spencer, PNC Financial Services Group Inc. and several others.
An Aflac spokesperson says the firm is still in the early stages of reviewing the attack and that it is not yet ready to divulge information relating to the number of affected customers or how long the investigation will go on.
Aflac, which offers accident and pet insurance plans in the US and Japan to its 50 million users, has now potentially exposed its customers’ personal information, including their Social Security numbers and health-related information.
Steve Cagle, CEO at healthcare security firm Clearwater, says that Scattered Spider’s specialty seems to be social engineering techniques, such as tricking help desks into resetting credentials and bypassing multi-factor authentication.
The group is also known to be expert SIM swappers, which is when a hacker takes control of a target’s mobile phone plan in order to receive their 2FA (two-factor authentication) codes and log in to their accounts.
Noah Michael Urban, a member of the group, was recently ordered to pay back $13.2 million to 59 victims after being charged with masterminding a SIM swapping scheme, according to The Register.
Urban is currently facing 20 years in federal prison on each wire fraud charge.
