The insurance industry, long deemed a secure vault for sensitive personal and health data, is now unfortunately facing a surge of cyberattacks rooted in social engineering. Rather than technical vulnerabilities, these assaults exploit human trust through phone calls, phishing, and impersonations.
Prime examples of this trend were three attacks on U.S. insurance companies in June 2025 alone, where hackers used deceptive tactics to infiltrate networks and extract customer records.
Earlier this month, three major U.S. insurance providers serving millions of policyholders detected suspicious activity on their networks. The breaches were quickly contained within hours, and fortunately no ransomware was deployed.
Official statements noted that the attackers used social engineering tactics, manipulating employees to gain system access. Potentially compromised data includes Social Security numbers, health and claims data, and personal information of customers, agents, and employees.
In response to the breaches, the companies have offered impacted customers credit monitoring and identity protection services. The rapid detection and containment by these enterprises are commendable. At the same time, the human deception vector highlights an alarming vulnerability: social engineering is now a principal method of cyberattack.
These incidents suggest a concerted assault on the insurance ecosystem in June 2025, carried out primarily through social engineering: a coordinated effort to exploit similar human-centric failure points across organizations.
A single attack group has emerged as a dominant threat actor in the insurance space. Google’s Threat Intelligence Group (GTIG) has issued alerts noting multiple intrusions into U.S. insurance firms that follow the same social engineering playbook as this threat actor’s prior retail-centric campaigns.
Key characteristics of their method include:
Experts warn that insurance companies are attractive targets because of their data wealth, which combines private health, identity, and financial records, and because of their reliance on large, sometimes loosely managed remote-service infrastructures.
While the recent wave targets U.S. insurers, social engineering has long been used globally within the sector. A well-documented 2024 India scam saw fraudsters posing as Insurance Regulatory Development Authority staff on WhatsApp voice calls, deceiving a retired man into transferring the equivalent of US$290k under the pretext of fake recovery assistance. This scheme leveraged trust and impersonation, which is textbook social engineering.
On a broader scale, companies worldwide face common threats:
Social engineering is no longer abstract; it's a clear priority threat. The recent attacks are further proof of just how easily human trust can be weaponized and staff-level vulnerabilities exploited.
These events aren't mere anomalies; they are the early signals of a broader campaign aimed at the human gatekeepers of sensitive data. To safeguard the industry's future, enterprise companies must evolve beyond legacy security tech to safeguard their people.
Doppel was built to protect brands, executives, and consumers from social engineering attacks, and leading companies trust Doppel to prevent social engineering at scale.