Insurance giant Aflac discloses data breach after subsidiary hack

American insurance giant Aflac has suffered a significant blow with a newly disclosed data breach, which was triggered by an attack on its Japan subsidiary’s systems. The incident has left millions of customers in the United States and Japan vulnerable to identity theft and financial loss.

The breach, which occurred between June 15th and 25th, allowed threat actors to access sensitive information stored on Aflac Japan’s systems, including policy and coverage details, personal information, and bank account data. The affected individuals are still unknown at this point, but the company has assured that it will notify them promptly once the investigation is complete.

Aflac Japan, a wholly owned subsidiary of the insurance giant, discovered the unauthorized access on June 25th and immediately took steps to contain the incident by suspending certain systems. Despite these efforts, some sensitive information may have been compromised, putting customers at risk of identity theft and financial loss.

The investigation is ongoing, with Aflac working closely with external cybersecurity experts to determine the full scope and potential impact of the breach. The company has also alerted Japanese authorities and will provide necessary notifications to affected individuals.

This incident is particularly concerning given that it follows a similar data breach at Aflac last year, which was attributed to a Scattered Spider attack. This threat group has been linked to multiple high-profile breaches in recent years, including those affecting major companies such as MGM Resorts, DoorDash, and Reddit.

The security landscape is becoming increasingly complex, with sophisticated threat actors using various tactics to breach even the most secure systems. As seen in this incident, a single subsidiary can be vulnerable to attacks, which can have far-reaching consequences for customers and businesses alike.

In light of this incident, it’s essential for individuals to remain vigilant and take proactive measures to protect their sensitive information. Regularly monitoring bank accounts and credit reports can help detect any suspicious activity early on. Moreover, being cautious when sharing personal data online and using strong passwords can also reduce the risk of identity theft.

By staying informed about potential security threats and taking necessary precautions, individuals can minimize the impact of such incidents and maintain their financial well-being.


Source: Bleeping Computer — 2026-06-30