ATTACK ON INSURERS: Zurich Insurance and Aflac faces data breach

The Japanese arms of Zurich Insurance and Aflac were put for sale on BreachForums. The breached data came up on the dark web days after Zurich Insurance CEO Mario Greco said that cyber incidents might no longer be insurable. 

The user who posted the Zurich Insurance data had the information of 2.6 million clients and users, such as name, email, client ID, birthdate, etc. Similarly, the Aflac Japan database has the details of 3.1 million users.  

Zurich Insurance Japan is the regional arm of the Swiss insurance giant. It employs 55,000 people, with customers in 215 countries and territories. Aflac Japan, the subsidiary of the American insurance company, is the seventh-largest player in the Japanese market. 

Insurance and cyber-attacks 

Zurich Insurance data came up twice until now, on December 15 and 28, on BreachForums. Not surprising, though, considering the company’s scale of business and, more importantly, the sector. 

Take a snapshot look at the business handled by the top five insurers of the world based on their net premiums in 2020:  

1. UnitedHealth Group (United States, $201 billion)  
2. Ping An Ins (China, $118 billion)  
3. China Life Insurance (China, $111 billion) 
4. Centene Corporation (United States, $107 billion) 
5. Anthem (United States, $105 billion) 

Insurance businesses are frequently targeted by cyber-criminals because they possess a large amount of personal data about their customers, including sensitive information such as health records and income.  

Cyber-attacks and after-effects  

As insurance companies increasingly shift towards online purchases and renewals, they become more vulnerable to cyber-attacks. The consequences of these attacks can be severe for insurers, including financial losses, reputational damage, and operational issues.  

Customers may also lose trust in the company and choose to take their business elsewhere. While having a cyber insurance policy can provide coverage for data lost in a cyber-attack, it does not prevent the attack from occurring.  

In the digital age, it is important for companies in the service sector to be prepared for the possibility of a data breach and to take steps to protect both their own and their customers’ data.