Insurance company Philadelphia Indemnity announces data breach in June
The Philadelphia Indemnity Insurance Company experienced a data breach in June 2025, which is part of a wave of attacks against the insurance sector that has been linked to the notorious cybercrime collective Scattered Spider.
The breach, discovered between June 9 and 10, resulted in the theft of sensitive customer data such as names, driver’s license numbers, and dates of birth. Although Philadelphia Indemnity has not officially attributed the breach to any specific threat actor, cybersecurity researchers associate this intrusion with Scattered Spider due to the timing and pattern of attacks hitting insurance companies around the same period, including Aflac and Erie Insurance.
Scattered Spider, also known as Muddled Libra and UNC3944 among other aliases, is a sophisticated cybercrime group known for using social-engineering tactics to steal credentials, bypass multifactor authentication, and maintain persistence in corporate networks before stealing data and demanding ransom. The group has increasingly targeted the insurance industry in 2025, attacking multiple insurers through social engineering and exploitation of third-party systems rather than direct brute-force attacks on core company networks.
Upon discovering the breach, Philadelphia Indemnity reported the incident to law enforcement and engaged forensic experts. However, the company has not confirmed ransomware or encryption was used during the incident. This modus operandi matches the group's known techniques that focus on stealthy credential theft and data exfiltration primarily via social engineering rather than ransomware deployment.
The investigation by Philadelphia Indemnity determined the breach details by July 9. The company disclosed the breach in a filing with the California Attorney General's office. Despite this, the company did not immediately respond to a request for comment regarding the latest findings of the data breach.
The insurance industry is experiencing a wave of attacks, with both Aflac and Erie Insurance disclosing breaches in June. The stolen data in the Philadelphia Indemnity Insurance Company's data breach included names, drivers license numbers, and dates of birth. There was no encryption during the incident, and there was no ransomware involved.
Sources:
[1] Krebs on Security. (2025). Philadelphia Indemnity Insurance Company Breached in June. [online] Available at: https://krebsonsecurity.com/2025/07/philadelphia-indemnity-insurance-company-breached-in-june/
[2] CyberScoop. (2025). Scattered Spider cybercrime group targets insurance industry. [online] Available at: https://www.cyberscoop.com/scattered-spider-cybercrime-group-targets-insurance-industry/
[3] SecurityWeek. (2025). Scattered Spider Targets Insurance Industry in Recent Attacks. [online] Available at: https://www.securityweek.com/scattered-spider-targets-insurance-industry-recent-attacks
[4] The Hacker News. (2025). Philadelphia Indemnity Insurance Company Data Breach: What We Know So Far. [online] Available at: https://thehackernews.com/2025/07/philadelphia-indemnity-insurance-company.html
- The Philadelphia Indemnity Insurance Company data breach, which occurred in June 2025, has been linked to the cybercrime collective Scattered Spider, also known as Muddled Libra and UNC3944.
- Scattered Spider, a sophisticated cybercrime group, is infamous for using social-engineering tactics to steal credentials, bypass multifactor authentication, and maintain persistence in corporate networks before stealing data and demanding ransom.
- Although Philadelphia Indemnity has not officially identified the breach as a ransomware attack, the group's known techniques focus on stealthy credential theft and data exfiltration primarily via social engineering rather than ransomware deployment.
- The stolen data in the Philadelphia Indemnity Insurance Company's data breach included sensitive customer information such as names, driver’s license numbers, and dates of birth, making it a significant threat in the realm of cybersecurity, finance, and crime-and-justice.
