← All articles

Aflac Japan breach exposes personal data of 4.38 million customers and agents

Aflac Life Insurance Japan, a subsidiary of the US insurance giant Aflac, says attackers broke into its policyholder portal and stole personal data belonging to about 4.38 million customers and agents. The intruders accessed systems repeatedly between June 15 and June 25, when the breach was detected through a surge in traffic, and the company suspended affected systems in response. Exposed data includes names, addresses, phone numbers, dates of birth, gender, and insurance account details, plus premium payment account information for roughly 230,000 people; no credit card data was taken. Aflac says the incident is limited to its Japan systems and does not affect its US operations.

Check
Aflac Japan policyholders and agents should watch for their notification letter, stay alert to phishing and fraud referencing Aflac or insurance accounts, and monitor bank accounts used for premium payments.
Affected
About 4.38 million Aflac Japan customers and agents whose personal and insurance data was exposed, including premium payment account details for roughly 230,000; the breach is limited to Aflac's Japan systems.
Fix
Affected people should monitor accounts for fraud and be cautious of insurance-themed phishing. Organizations should tighten access to customer portals, enforce phishing-resistant MFA, and monitor for unusual access and data exfiltration.