Cyberattackers Are Now Targeting U.S. Insurance Companies
A well-known hacking group called Scattered Spider has turned its attention to a new target: U.S. insurance companies. If you’re in the industry, this is a red flag that shouldn’t be ignored.
Why This Matters
Scattered Spider is not your average group of hackers. They’re organized, focused, and patient. They don’t go after random businesses. Instead, they pick one industry at a time, study it, and break in using very clever tricks—mostly by fooling employees into giving them access.
Now, they’ve moved from retail companies in the U.K. and U.S. to the insurance sector.
Two Big Insurance Companies Just Got Hit
- Philadelphia Insurance found out on June 9 that hackers had broken into their systems. Their website and services are still disrupted.
- Erie Insurance experienced a similar incident on June 7, caused by suspicious activity on their network.
These aren’t isolated events—they’re likely part of a larger campaign by Scattered Spider.
How These Hackers Get In
This group doesn’t rely on fancy computer viruses. They trick people—plain and simple.
Some of their tactics include:
- Pretending to be IT or help desk staff
- Sending fake emails or text messages
- Calling employees and asking them to reset passwords
- Overwhelming employees with login requests to get them to approve access by mistake
Once they’re in, they may steal sensitive data, lock down systems, or threaten to leak information unless a ransom is paid.
What You Can Do to Protect Your Business
Whether you’re in insurance or another industry, these steps can make a big difference:
1. Train Your Staff
Make sure your team knows how to spot suspicious calls, texts, or emails—especially if someone is pretending to be from IT.
2. Double-Check Password Resets
Don’t make it easy for attackers to reset passwords or bypass security. Always confirm someone’s identity before making changes.
3. Add Extra Layers of Security
Use two-step logins (like a password plus a phone confirmation) for all accounts, especially ones with access to sensitive information.
4. Watch for Unusual Activity
Keep an eye out for sign-ins from strange locations or devices. It’s often the first sign that something’s not right.
Bottom Line
Hackers are getting smarter—and more targeted. The insurance industry is now in their sights, and companies need to act fast to protect customer data and maintain trust.
This is a serious warning, not just for insurance firms, but for any organization that handles sensitive information. Cyberattacks today don’t just come through software—they come through people. Make sure your team is ready.
