Insurance Giant Aflac Discloses Data Breach via Subsidiary – Veri Sızıntısı
Live
Search
Company
About Founder's Note Press & Media Privacy Policy Terms of Service FAQ Brand Kit Comparison Table
Products
HUBOne HUBCorp Coming Soon Veri Sızıntısı Android Coming Soon Veri Sızıntısı iOS Coming Soon Veri Sızıntısı Huawei Coming Soon Breach Radar Argus Flow Argus Engine LivePlatform Integration Area
Technologies
What is Argus AI? Try on HUBOne What is Argus Flow? What is Argus Engine?
Blog Contact

Insurance Giant Aflac Discloses Data Breach via Subsidiary

US insurance giant Aflac has announced a data breach involving personal and bank information after its Japanese subsidiary's systems were compromised. The attack did not affect the company's US operations.

A lock and warning icon displayed on a computer screen in front of an insurance company's logo.

What Happened

Aflac, one of the world's largest insurance companies based in the United States, has made an announcement that has shaken the cybersecurity world. The Fortune 500 company confirmed that an unauthorized third party breached the systems of its Japanese subsidiary, Aflac Japan, and accessed sensitive customer data. The incident was disclosed to the public through an official filing with the U.S. Securities and Exchange Commission (SEC).

According to the company's statement, the attackers gained access to Aflac Japan's systems between June 15, 2026, and June 25, 2026. The breach was discovered by the company on June 25. Aflac stated that it immediately took action to contain the incident and restore system security. As part of these measures, some systems were temporarily suspended, but it was emphasized that service to policyholders continued. This demonstrates the company's effort to manage the crisis while maintaining operational continuity. The incident was officially acknowledged with a press release on June 30, 2026.

Aflac is America's largest provider of supplemental insurance, serving millions of customers, and holds a very strong position in the Japanese market. Therefore, while the fact that the attack was limited to its Japanese systems may be a small comfort for the company's global operations, it represents a serious concern for millions of customers in Japan.

What Data Was Compromised

According to Aflac's announcement, the data accessed by the cyberattackers is of a highly sensitive nature. Although the investigation is still ongoing, initial findings indicate that the compromised files contain the following information:

  • Policy and Coverage Details: The type, scope, premium payments, and other specific details of insurance policies held by customers. This information could be used by scammers to launch highly targeted and convincing phishing attacks.
  • Personal Information: Customers' names, addresses, contact information, and likely other identifying data that could be used to verify their identities. The theft of such information significantly increases the risk of identity theft.
  • Bank Account Information: Bank account numbers and other related financial data used by customers for premium payments or claims. This information carries the potential for direct financial fraud and unauthorized withdrawals.

The combined theft of these three data categories escalates the severity of the attack. Attackers can combine this information not only to achieve financial gain but also to create complex fraud scenarios aimed at completely taking over customers' digital identities.

How Did the Attack Happen

Aflac has not shared any technical details about how the attackers breached its systems in Japan. There has been no official statement regarding the security vulnerability that was exploited, the attack vector used, or the threat actor behind it. The company stated that it is conducting a comprehensive investigation with external cybersecurity experts to shed light on the incident. As the investigation progresses, more information about the root cause and methods of the attack is expected to emerge.

However, an examination of Aflac's cybersecurity history reveals that the company has faced similar incidents before. About a year ago, the company disclosed another data breach as part of a broader wave of attacks targeting insurance companies in the U.S. That breach was thought to be linked to a cybercrime group known as Scattered Spider (also known as 0ktapus, UNC3944), which specializes in infiltrating corporate networks. Scattered Spider is known for its attacks on corporate giants like MGM Resorts and Caesars. Nevertheless, no evidence has yet been presented to link the current Japan attack to this group or the past incident.

Who Is Affected

Those directly affected by this data breach are the customers of Aflac's Japanese subsidiary, Aflac Life Insurance Japan Ltd. The company's SEC filing explicitly stressed that the incident is entirely limited to systems in Japan and that there was no unauthorized access to systems related to its U.S. business. This means that Aflac customers in the U.S. are not affected by this event.

Aflac has not provided a specific number of affected individuals. However, given the company's large customer base in Japan, it is estimated that a potentially large number of people's data could be at risk. The company has notified the Japan Financial Services Agency and other relevant authorities and has pledged to provide the necessary notifications to all affected individuals as required by law.

What Can You Do

If you are an Aflac Japan customer and believe you may have been affected by this incident, it is recommended that you take the following steps:

  • Wait for Official Notification: Aflac has stated it will notify affected customers directly. Pay close attention to official emails, letters, or other communications from the company.
  • Monitor Your Bank Accounts: Since your bank account information may have been compromised, regularly review your bank statements and transactions for any suspicious activity. Report any unrecognized transactions to your bank immediately.
  • Be Wary of Phishing Attacks: Attackers may use the stolen policy and personal information to send you fraudulent emails or messages that appear to be from Aflac. These messages may ask for additional information or prompt you to click a link to a fake website. Do not click on any suspicious links or share personal information.
  • Update Your Passwords: If you use passwords for Aflac or other financial services that are similar to each other, consider changing them. Using strong, unique passwords is always the best practice.

What the Company Says

Aflac is attempting to manage its response to the incident with transparency. The filing with the SEC clearly outlines the company's corporate stance: "Upon identifying the unlawful access, Aflac Japan promptly took steps designed to contain the incident and prevent further intrusion, including suspending certain systems. Notwithstanding the suspension of certain systems, Aflac Japan continues to serve its policyholders as it responds to this incident."

The company also acknowledged that the investigation is ongoing and, therefore, "the full scope and potential ultimate impact on the Company are not known." This statement is standard in the aftermath of cybersecurity breaches and usually indicates that understanding the full extent of the damage will take time. Aflac stated that it is in full cooperation with Japanese authorities and will take all necessary steps to protect affected customers. An Aflac spokesperson did not immediately respond to BleepingComputer's request for comment.

Source

https://www.bleepingcomputer.com/news/security/insurance-giant-aflac-discloses-data-breach-after-subsidiary-hack/

This content was generated with AI assistance through our Argus Flow application. We are continuously working to improve Argus Flow; if you encounter any issues such as translation errors, incorrect sources, or unverified information, you can report them using the button below. We appreciate your feedback.

Share This Article
X LinkedIn WhatsApp
← Previous Post AVG Mobile Security A New Shield for iOS Against Threats Next Post → Aflac Japan Data Breach Impacts 4.38 Million Individuals

Weekly Newsletter

Curated data breach news delivered to your inbox every week.