The Wall Road Journal studies that Aflac is investigating a breach that will have uncovered claims data, well being particulars, Social Safety numbers, and different private information.
That’s the form of delicate private data you’ll anticipate your insurer to guard, not unintentionally hand over to cybercriminals.
In keeping with Aflac, the assault got here from a “extremely subtle and well-known group that has the insurance coverage trade below siege”
Beneath siege? Feels like they’ve been watching too many Steven Seagal motion pictures (be aware to self: one Steven Seagal film is just too many…)
However what’s extra upsetting than that’s the declare that the hackers are “extremely subtle.”
Is that as a result of they exploited a zero day vulnerability? No.
Is it as a result of they’ve an evil genius on their workforce who created some undetectable malware? Nope.
Chances are high that this is identical hacking gang (Scattered Spider) behind current information breaches at Marks & Spencer, Victoria’s Secret and different retailers, in addition to assaults focusing on insurance coverage corporations throughout the USA.
Scattered Spider makes use of the “extremely subtle” methodology of phoning a help desk claiming to be a locked out worker, and asking to be granted entry to the community. Perhaps with a slice of phishing, SIM swapping, and multi-factor authentication (MFA) bombing.
Actually not that subtle in any respect…
