Aflac Inc. said on Friday that cybercriminals broke into its U.S. network last week, potentially compromising files containing Social Security numbers, health claims and other personal information for customers, employees and agents. The insurer detected “suspicious activity” on June 12 and invoked its incident-response plan, stopping the intrusion within hours, according to a regulatory filing and company statement. The Columbus, Georgia-based company has enlisted external cybersecurity specialists and notified law-enforcement agencies. While the review is in its early stages, Aflac said it cannot yet determine how many individuals were affected. It is offering 24 months of free credit monitoring, identity-theft protection and Medical Shield coverage to anyone who contacts a dedicated call center. Aflac attributed the breach to a “sophisticated cybercrime group” that used social-engineering tactics—a hallmark of the hacker collective known as Scattered Spider, which security researchers say is currently targeting insurance providers. Erie Insurance and Philadelphia Insurance Companies reported similar incidents earlier in June, underscoring a broader campaign against the sector. The attack did not involve ransomware and did not disrupt Aflac’s operations. The company, which provides supplemental coverage to more than 50 million policyholders worldwide and is valued at roughly $55 billion, saw its shares fall about 1.3% in pre-market trading following the disclosure.