Aflac said Friday that cybercriminals breached its computer systems, potentially exposing some of the most personal data — including Social Security numbers and health care information — of an unknown number of Americans and marking the latest in a recent string of online attacks against insurance companies.

The Columbus, Georgia-based insurance provider said that it detected suspicious activity on its US networks, quickly responded to it and managed to stop the online intruders “within hours.” Aflac added that its business remains operational and that its systems were not infected with ransomware.

Aflac is the latest and biggest insurance company to so far be targeted by cybercriminals. Philadelphia Insurance and Erie Insurance were hit by cyberattacks this month and have yet to resume full operations. 

“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,” Aflac said in a statement without providing details to back that claim. “This was part of a cybercrime campaign against the insurance industry.”

Aflac said that it’s working with outside cybersecurity experts to investigate the breach. It’s in the process of determining which of its files were potentially compromised and how many people may have been affected. The potentially affected files could include customer data like Social Security numbers, insurance claims, health information and other personal details. Information about Aflac’s employees, agents and other people involved in its US businesses could also be compromised, the company said. 

While that investigation is still in its early stages, Aflac said it appears that the attackers gained access to its networks through a social engineering attack, where instead of breaking into a computer system attackers will often pose as someone in authority, like an executive or IT worker, to trick an employee into handing over their legitimate login credentials. 

John Hultquist, chief analyst for Google’s Threat Intelligence Group, said the recent attacks against the insurance companies “bear all the hallmarks” of the Scattered Spider cybercrime group, which has been tied to high-profile attacks against financial services, telecommunications and Las Vegas casinos and hotels. 

“Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers,” Hultquist said in a statement. 

While it’s yet to be determined exactly who has been affected and how bad the damage could be, Aflac has taken the unsual step of already offering to provide free credit monitoring, identity theft protection and Medical Shield coverage for 24 months to customers who contact its call center at 855-361-0305.

Aflac is the largest provider of supplemental health insurance in the US and has a global customer base of about 50 million people.