COLUMBUS, Ga.–Insurance company Aflac said personal information associated with 22.65 million people has been affected by a cybersecurity incident within its U.S. business that it originally reported in June.
In a new statement, the company said it has now determined the number of affected people after reviewing the potentially impacted files.
“Following detection of the security incident, Aflac promptly secured accounts identified as potentially impacted and took additional steps, including resetting passwords and further monitoring for signs of suspicious activity,” the company said in the statement. “To date, Aflac is not aware of any fraudulent use of personal information and—along with third-party partners—will continue to monitor any fraudulent activity.”
Aflac said it has begun to notify individuals impacted by the incident, per the release.
‘Stopped Within Hours’
When the company disclosed the cybersecurity incident in June of this year, it said it identified suspicious activity on its U.S. network, initiated its cyber incident response protocols and stopped the intrusion within hours. The company’s systems were not affected by ransomware and its business remained operational.
“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,” Aflac said in an earlier statement. “This was part of a cybercrime campaign against the insurance industry.”
