Aflac says that it has identified suspicious activity on its network in the U.S. that may impact Social Security numbers and other personal information, calling the incident part of a cybercrime campaign against the insurance industry.
The company said Friday that the intrusion was stopped within hours.
“We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual,” Aflac said in a statement.
The company said that it’s in the early stages of a review of the incident, and so far is unable to determine the total number of affected individuals.
Aflac Inc. said potentially impacted files contain claims information, health information, Social Security numbers, and other personal information, related to customers, beneficiaries, employees, agents, and other individuals in its U.S. business.
The Columbus, Georgia, company said that it will offer free credit monitoring and identity theft protection and Medical Shield for 24 months to anyone that calls its call center.
Cyberattacks against companies have been rampant for years, but a string of attacks on retail companies have raised awareness of the issue because the breaches can impact customers.
United Natural Foods, a wholesale distributor that supplies Whole Foods and other grocers, said earlier this month that a breach of its systems was disrupting its ability to fulfill orders — leaving many stores without certain items.
In the U.K., consumers could not order from the website of Marks & Spencer for more than six weeks — and found fewer in-store options after hackers targeted the British clothing, home goods and food retailer. A cyberattack on Co-op, a U.K. grocery chain, also led to empty shelves in some stores.
A security breach detected by Victoria’s Secret last month led the popular lingerie seller to shut down its U.S. shopping site for nearly four days, as well as to halt some in-store services. Victoria’s Secret later disclosed that its corporate systems also were affected, too, causing the company to delay the release of its first quarter earnings.
The North Face said that it discovered a “small-scale credential stuffing attack” on its website in April. The company reported that no credit card data was compromised and said the incident, which impacted 1,500 consumers, was “quickly contained.”
Adidas disclosed last month that an “unauthorized external party” obtained some data, which was mostly contact information, through a third-party customer service provider.
