Aflac has suffered a major data breach that may have exposed personal information from millions of customers. The company reported on Friday that cybercriminals accessed its network using deceptive social engineering tactics.

Aflac said it discovered the suspicious activity on June 12 and moved quickly to stop the intrusion. The company stressed that this was not a ransomware attack and that its systems are still fully operational.

Officials have not yet confirmed how many individuals were impacted or what specific data was taken. However potential losses include Social Security numbers insurance records and private health details.

Investigators believe the hacking methods used are consistent with a group known as Scattered Spider. This group often poses as tech support to manipulate employees into giving up system access.

EXPERTS WARN OF RISING THREAT IN INSURANCE INDUSTRY

Cybersecurity teams say Scattered Spider has been behind several recent high-profile attacks including incidents involving Erie Insurance and Philadelphia Insurance Companies. All three companies were attacked within weeks of each other.

Aflac is working with third-party security firms to investigate the full impact and improve defenses. It also warned other companies to train staff to recognize suspicious behavior and avoid giving sensitive access over the phone.

“This attack like many insurance companies are currently experiencing was caused by a sophisticated cybercrime group,” Aflac stated in its release.

Cyber experts have raised alarms over Scattered Spider’s tactics especially their ability to impersonate internal help desk workers. The group is mostly made up of young individuals from the US and UK and has been linked to past attacks on major retailers and casinos.