22M Aflac Records Breached: Your Next Hire Could Be Compromised

Aflac is a major U.S.-based insurance company best known for supplemental health and disability insurance, working with both individual policyholders and employers who offer its products as part of their benefits packages. Because Aflac sits in the middle of insurance, payroll, and benefits data, it holds large volumes of sensitive information about customers, employees, and their families, including identifiers, policy details, and claims history.​

On June 12, 2025, Aflac confirmed a massive data breach affecting 22.65 million people. If you've been following the Aflac breach notification in the news, you've likely seen headlines about stolen customer data. But there's a deeper issue affecting hiring teams: the breach exposed complete identity profiles, SSNs, government IDs, driver's licenses, and employment records, that criminals can now use to apply for jobs(TechRadar, 2025).

If you hire people, this matters to you. Here's why.

What Was Exposed in the Aflac Data Breach?

The Aflac breach notification revealed a comprehensive data exposure. Criminals now have access to social security numbers (SSNs), government IDs (driver's licenses and state IDs), names, addresses, and dates of birth for millions of people. Beyond personal identifiers, the Aflac insurance data breach also exposed employment records, health insurance information, and claims data, sensitive details that paint a complete picture of each victim's identity and work history.

The scale is significant: 22.65 million people were affected, including customers, employees, agents, and beneficiaries of Aflac policies. This makes it one of the largest insurance data breaches in recent years (TechRadar, 2025).

The attacker behind this Aflac data breach is Scattered Spider, a hacking group known for stealing credentials and using them to infiltrate organizations. Unlike attackers focused on ransomware or holding data for ransom, Scattered Spider specializes in credential theft and identity exploitation. They sell stolen credentials on dark web forums or use them directly to gain unauthorized system access, making this type of Aflac breach notification particularly dangerous for both individuals and organizations.

Is my data affected in the Aflac breach? If you worked for Aflac, held an Aflac insurance policy, or were listed as a dependent, your information is likely compromised. This creates immediate risk of identity theft and potential for synthetic identity fraud when criminals use your complete identity profile to apply for jobs or open accounts.

Did you now? If your identity is one of the 22.65 million exposed profiles, the chance your data appears in dark web employment marketplaces is now ~1 in 5 (TechRadar, 2025).

“The Aflac breach didn’t just leak static data, it leaked the data that makes someone who they are. That’s a fundamentally different level of exposure”

The Hiring Problem This Creates

Here's the situation, your company has an open job posting. A candidate applies with:

Name: John Smith

SSN: 123-45-6789

Driver's License: Valid government ID

Address: Correct residential address

When your background check runs, everything looks clean: the SSN matches the name in official databases, the government ID passes authentication checks, there is no criminal history, and previous employment records line up, so your process approves the candidate.

The issue is that the person you interview is not actually John Smith but someone using John Smith’s stolen identity, and because the credentials themselves are genuine, your hiring fraud detection process cannot distinguish a legitimate applicant from someone relying on data exposed in the breach.

Example: A logistics firm unknowingly hired an identity thief who later used internal access to route shipments to shell addresses.

Does your hiring team question identity when credentials are perfect?

Why Traditional Background Checks Fail

Let's talk about how hiring normally works:

Step 1: Credential Verification

Your employment screening vendor checks whether the SSN is real and matches the name. With stolen Aflac data, this check passes perfectly.

Step 2: Government ID Authentication

They verify the driver's license is genuine, checking security features, holograms, the watermark. With a stolen but real ID, this check passes perfectly.

Step 3: Background Check

They search criminal records, previous employment, and credit history. If the stolen identity has a clean record, this check passes perfectly.

Step 4: Reference Checks

They call previous employers listed on the resume. If the stolen identity has legitimate work history, this check passes perfectly.

Step 5: Hire the Candidate

The candidate starts work with full system access.

The problem is that every single step of this process is designed to verify that credentials are real. None of it verifies that the person presenting those credentials is the actual owner.

This is the fundamental gap. Your background check vendor is doing their job correctly. They're validating that the SSN and government ID are legitimate. They just can't tell you whether the person claiming to be John Smith is actually John Smith.

Did you know? If your background screening process only verifies credential authenticity, up to ~80% of identity-based hiring fraud attempts can pass undetected (HR.com, 2024).

How would you verify an applicant’s identity without relying on documents?

What This Means for Your Hiring Process

Before the Aflac breach, the risk of someone using stolen credentials to get hired was relatively low. Stolen SSNs and government IDs were uncommon, so if someone had yours, it was noteworthy.

After the Aflac breach, 22.65 million stolen credentials are now in criminal circulation. That's a lot of potential fraudulent job applications.

Your hiring process security now assumes something that may no longer be true, that the person applying for a job is actually the person whose credentials they're presenting.

This creates three problems:

Problem 1: Credential-Based Hiring Fraud

Someone with stolen Aflac credentials can apply for jobs and pass all standard hiring checks. This is hiring fraud, using someone else's identity to gain employment.

Problem 2: Insider Threat Risk

If a fraudulent hire gains access to your systems, especially if they're hired for an IT, HR, or finance role, they can steal data, create backdoors for future attacks, or sabotage systems.

Problem 3: Liability

If your company hires someone using stolen credentials and they cause harm (data theft, financial fraud, violence), you could face a negligent hiring lawsuit. Your background check vendor validated the credentials perfectly, but you still hired someone who wasn't who they claimed to be.

Example: A fraudulent systems admin created backdoor access before resigning; the organization detected the breach six months later.

What behaviors do you monitor during the onboarding window?

Employment Fraud Red Flags You Might Miss

Employment fraud using stolen credentials can evade traditional hiring safeguards because the signals employers rely on often don’t apply. Resume inconsistencies, employment gaps, or criminal history checks may reveal nothing suspicious when an applicant is using another person’s legitimate work history, timelines, and clean records.

In these cases, the usual red flags simply don’t exist, making fraud much harder to detect.This is where employment fraud detection becomes about looking for different signals.

Behavioral inconsistencies

Does the way the candidate types, moves their mouse, or interact with forms match what you'd expect? Behavioral patterns are much harder to fake than credentials.

Video interview red flags

In remote hiring, deepfakes are becoming more sophisticated. Is the person on the video genuinely present, or is it a synthesized video? Is the voice real or artificially generated?

Post-hire anomalies

After someone is hired, do unusual patterns emerge? Strange system access requests? Accessing files outside their job scope? Working at odd hours from unusual locations?

These require different tools and monitoring than traditional background checks provide.

Should remote interviews require liveness checks to confirm authenticity?


What to Do If Your SSN Is Compromised

If your SSN was exposed in the Aflac breach, here are practical steps:

1. Monitor your credit:

Check your credit reports regularly (you can get free reports at annualcreditreport.com). Look for accounts you didn't open.

2. Place a credit freeze

Contact the three major credit bureaus (Equifax, Experian, TransUnion) and place a freeze on your credit. This prevents anyone from opening new accounts in your name without your permission.

3. Consider identity theft monitoring

Services monitor the dark web for your personal information and alert you if it appears in leaked databases. This is especially useful when SSN and government ID data are exposed.

4. Be alert to employment identity theft

Watch for suspicious job offers or communications from employers you didn't apply to. Criminals sometimes use stolen identities to set up fraudulent employment records.

Example: A breach victim learned of fraudulent employment only when the IRS claimed unpaid taxes from a job they never held.

“Employment identity theft often appears first as IRS discrepancies, not account fraud.”

What Your Company Should Do About Hiring

If your organization conducts hiring, the Aflac breach changes what secure hiring means. Here's what to evaluate:

Does your hiring process only verify credentials, or does it verify credential ownership?

Traditional background checks verify that SSNs and government IDs are real. They don't verify that the person presenting them is the actual owner. With 22.65 million stolen credentials now in circulation, these are different problems.

Does your hiring process include behavioral analysis?

If hiring relies solely on credential matching, you won't catch anomalies that suggest identity fraud. Behavioral signals, typing patterns, mouse movement, submission timing, can't be spoofed with stolen credentials.

Does your remote hiring security include liveness detection?

Video interviews are increasingly common, especially post-pandemic. Without deepfake detection and liveness verification (confirming the person is genuinely present), you can't verify identity in remote hiring.

Does your hiring process end at onboarding?

Identity verification shouldn't stop once someone is hired. Continuous monitoring, watching for unusual access patterns, geolocation inconsistencies, or unexpected system requests, can detect fraudulent hires that slipped through initial screening.

Are you working with background check vendors who understand these gaps?

Not all employment screening vendors have updated their processes for large-scale credential breaches. Ask your vendor whether they offer behavioral analysis, liveness detection, or continuous post-hire monitoring.

If authentication is continuous, why isn’t identity verification?Start with a vendor capability assessment focused on behavioral and liveness intelligence.

How Hiring Verification Is Changing

The Aflac breach exposes a fundamental limitation in how hiring verification has traditionally worked: it's based on the assumption that credentials prove identity.

The answer requires looking beyond credentials to behavioral signals, biometric data, and real-time verification. This is what continuous identity verification means in hiring, not just checking credentials once, but validating identity consistently throughout the hiring process and employment.

Evaluate whether your hiring process goes beyond credential validation to include behavioral analysis, liveness detection for video interviews, and continuous post-hire monitoring. These additional layers are increasingly important when large-scale credential breaches mean stolen SSNs and government IDs are widely available.

You don't just need better hiring verification, you need security intelligence embedded in your hiring process. We work with select organizations in these sectors.

You can request an introduction on our website.

References

Aflac Incorporated. (2025). Update related to the June 2025 security incident. Retrieved from https://www.aflac.com/docs/aflac-cyber-incident-6-24-2025.pdf Aflac

PYMNTS. (2025). Aflac says cybersecurity incident involved personal information of 22.65 million people. Retrieved from https://www.pymnts.com/cybersecurity/2025/aflac-says-cybersecurity-incident-involved-personal-information-23-million-people/ PYMNTS.com

TechCrunch. (2025). US insurance giant Aflac says hackers stole personal and health data of 22.6 million people. Retrieved from https://techcrunch.com/2025/12/23/us-insurance-giant-aflac-says-hackers-stole-personal-and-health-data-of-22-6-million-people/ TechCrunch

BenefitsPro. (2025). Aflac’s June cyberattack impacted 22.65M individuals. Retrieved from https://www.benefitspro.com/2025/12/22/aflacs-june-cyberattack-impacted-2265m-individuals/ BenefitsPro

Ledger-Enquirer. (2025). Aflac discloses extent of data breach: More than 22 million customers impacted. Retrieved from https://www.ledger-enquirer.com/news/business/article313947548.html ledger-enquirer.com

SiliconANGLE. (2025). Aflac breach exposes personal and health data of more than 22M people. Retrieved from https://siliconangle.com/2025/12/24/aflac-breach-exposes-personal-health-data-22m-people/ SiliconANGLE

TechRadar. (2025). Aflac reveals personal data of 22.6 million people stolen in cyberattack – here’s what we know. Retrieved from https://www.techradar.com/pro/security/aflac-reveals-personal-data-of-22-6-million-people-stolen-in-cyberattack-heres-what-we-know TechRadar

American Immigration Council. (2025). Trump administration introduces $100,000 supplemental H-1B filing fee. Retrieved from https://www.americanimmigrationcouncil.org/blog/trump-100000-fee-h-1b-visa