The Wall Street Journal reports that Aflac is investigating a breach that may have exposed claims information, health details, Social Security numbers, and other personal data.
That’s the kind of sensitive personal information you would expect your insurer to protect, not accidentally hand over to cybercriminals.
According to Aflac, the attack came from a “highly sophisticated and well-known group that has the insurance industry under siege”
Under siege? Sounds like they’ve been watching too many Steven Seagal movies (note to self: one Steven Seagal movie is too many…)
But what’s more upsetting than that is the claim that the hackers are “highly sophisticated.”
Is that because they exploited a zero day vulnerability? No.
Is it because they have an evil genius on their team who created some undetectable malware? Nope.
Chances are that this is the same hacking gang (Scattered Spider) behind recent data breaches at Marks & Spencer, Victoria’s Secret and other retailers, as well as attacks targeting insurance firms across the USA.
Scattered Spider uses the “highly sophisticated” method of phoning a support desk claiming to be a locked out employee, and asking to be granted access to the network. Maybe with a slice of phishing, SIM swapping, and multi-factor authentication (MFA) bombing.
Really not that sophisticated at all…
