'Under siege': Aflac stock dips, rebounds as company announces cybersecurity breach
The company announced Friday morning it had fallen victim to a cybersecurity attack on June 12.
Aflac Incorporated’s (NYSE: AFL) stock momentarily dipped by 1.4 points at the market’s opening on Friday after the company announced in a pre-market press release that it discovered “suspicious activity” on its U.S. platforms on June 12.
While it is yet to be determined how many accounts have been compromised, Aflac disclosed that the information potentially at risk includes social security numbers, clients’ health details and insurance claims.
The company believes the cyberattack was subdued in a matter of hours, and an investigation is under way. In a statement to Business News Unraveled, Aflac wrote it is too early in the process for the company to predict how long the investigation will take.
The company further attributed its swift response to its cybersecurity system and explained that no malware or ransomware was leaked into Aflac’s networks, allowing the company to continue its regular operations on Friday.
Aflac additionally mentioned that the attack was executed by a “sophisticated cybercrime group” that sought to target the insurance industry.
“This attack was perpetrated by a highly sophisticated and well-known group that has the insurance industry under siege,” Aflac wrote to Business News Unraveled.
Days ahead of the attack, Google’s Threat Intelligence Group warned insurance companies to remain vigilant, as one group called Scattered Spider, or UNC3944, had been targeting several sectors in the U.S. and U.K., Newsweek reported. While the article and Aflac’s press release both referenced social engineering schemes as the perpetrators’ gateway to entry, it is not determined if this group was responsible for the attack on Aflac.
Through the duration of the investigation, Aflac is offering clients who dial its call center access to free credit monitoring, identity theft protection and services with Medical Shield for 24 months.
“We did not want to wait to inform our customers because we wanted them to access as soon as possible … the resources we are offering for protection,” Aflac wrote to Business News Unraveled. “This is why we did this voluntary disclosure.”
The company filed this incident with the Securities and Exchange Commission through Item 8.01, an all-encompassing form for disclosures to the SEC. This choice falls in line with a 2023 recommendation that companies cite cybersecurity incidents with an undetermined material impact under Item 8.01, instead of the cybersecurity disclosure Item 1.05.
As of 11:55 a.m., Aflac’s stock rebounded to its highest value since June 6 at $103.58.