Aflac Life Insurance Japan, a subsidiary of the US insurance giant Aflac, says attackers broke into its policyholder portal and stole personal data belonging to about 4.38 million customers and agents. The intruders accessed systems repeatedly between June 15 and June 25, when the breach was detected through a surge in traffic, and the company suspended affected systems in response. Exposed data includes names, addresses, phone numbers, dates of birth, gender, and insurance account details, plus premium payment account information for roughly 230,000 people; no credit card data was taken. Aflac says the incident is limited to its Japan systems and does not affect its US operations.
Have I Been Pwned has added US insurance provider Kemper to its breach corpus with 269,299 unique email addresses. Kemper offers auto, home, life, and health insurance across the United States. As is typical for HIBP additions, the underlying breach source and disclosure details are not published alongside the entry, but the listing lets individuals and organizations check whether their accounts appear in the leaked dataset. Affected customers should anticipate insurance-themed phishing - claim-status updates, policy-renewal prompts, or premium-refund lures. The addition continues a steady run of US financial-services and insurance breaches surfacing in HIBP through late May.
Troy Hunt's Have I Been Pwned added two new ShinyHunters victims this week. Abrigo - a Texas-based fintech that builds risk, compliance, and lending software for thousands of US banks and credit unions - had 711,099 unique email addresses and 1.75 million records lifted from its Salesforce environment in April after refusing to pay the ransom. The Canada Life Assurance Company, one of Canada's largest insurers, had 237,810 accounts confirmed in HIBP from a separate ShinyHunters Salesforce breach. Both fit the pattern of the months-long ShinyHunters mass-extortion campaign that already hit Zara, Woflow, and Instructure, with stolen data sitting in third-party Salesforce tenants rather than the victims' core systems.