Aflac Discloses Data Breach After Japan Subsidiary Hack, Exposing Sensitive Customer Info
Insurance giant Aflac has revealed a significant data breach after attackers compromised its Japan subsidiary’s systems and stole personal and financial information from millions of customers. The company, which is the largest supplemental insurance provider in the United States, disclosed the incident in a filing with the US Securities and Exchange Commission (SEC) on Monday.
The breach occurred when threat actors gained access to Aflac Japan’s systems between June 15th and 25th. Upon discovering the unauthorized access, Aflac Japan promptly took steps to contain the incident and prevent further intrusion by suspending certain systems. The company is now working with external cybersecurity experts to investigate the incident and has alerted Japanese authorities.
According to Aflac, the compromised data includes policy and coverage details, personal information, and bank account numbers. While the company assures that its US business systems were not accessed by the attackers, the full scope of the breach and potential impact on customers are still unknown.
This is not Aflac’s first data breach incident. Last year, the company disclosed a separate breach that was attributed to a Scattered Spider attack, which has been linked to other high-profile breaches in the insurance industry. The attackers have also partnered with ransomware operations, highlighting the sophistication and reach of these threat actors.
The incident serves as a reminder for companies to prioritize cybersecurity measures and regularly test their defenses against potential threats. Aflac’s experience demonstrates that even large corporations can fall victim to data breaches, emphasizing the need for vigilance in today’s digital landscape.
Security teams often struggle to detect attacks, with 54% of successful breaches going unnoticed until it’s too late. Regular breach and attack simulation tests can help identify weaknesses in SIEM and EDR rules, allowing organizations to stay one step ahead of attackers. As Aflac navigates this incident, the company’s customers and investors will be watching closely to see how it responds to this data breach.
In practical terms, individuals affected by the breach should remain vigilant for signs of identity theft or financial fraud. Aflac has promised to notify impacted customers and provide support in response to the incident. As for companies like Aflac, the incident serves as a stark reminder of the importance of robust cybersecurity measures and ongoing threat monitoring.
Source: Bleeping Computer — 2026-06-30