RSS

Insurance giant Aflac discloses data breach after subsidiary hack

Brajeshwar1 pts0 comments

Insurance giant Aflac discloses data breach after subsidiary hack

Home<br>News<br>Security<br>Insurance giant Aflac discloses data breach after subsidiary hack

Insurance giant Aflac discloses data breach after subsidiary hack

By Sergiu Gatlan

June 30, 2026

07:12 AM

American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary's systems and stole personal and bank account information.

Aflac (short for American Family Life Assurance Company) is a Fortune 500 company and the largest supplemental insurance provider in the United States, serving millions of customers in the U.S. and Japan.

In a filing with the U.S. Securities and Exchange Commission (SEC) on Monday, the company revealed that threat actors gained access to Aflac Japan's systems earlier this month.

"On June 30, 2026, Aflac Life Insurance Japan Ltd. ("Aflac Japan"), a wholly owned subsidiary of Aflac Incorporated, a Georgia corporation (the "Company"), issued a press release announcing that, on June 25, 2026, Aflac Japan discovered an unauthorized third-party had unlawfully accessed certain of Aflac Japan's systems between June 15, 2026 and June 25, 2026," the insurance company said.

"Upon identifying the unlawful access, Aflac Japan promptly took steps designed to contain the incident and prevent further intrusion, including suspending certain systems. Notwithstanding the suspension of certain systems, Aflac Japan continues to serve its policyholders as it responds to this incident."

Aflac is now investigating the incident with the help of external cybersecurity experts and has revealed that the threat actors have gained access to some sensitive information stored on the affected systems.

The company has alerted Japanese authorities to the incident and will notify affected individuals of the data breach.

"Although the investigation remains ongoing, Aflac Japan has determined that certain impacted files contain policy and coverage details, personal information, and bank account information. Aflac Japan has notified the Japan Financial Services Agency and other relevant authorities, and intends to provide appropriate notifications to individuals affected by this incident.

"This incident is limited to systems in Japan, the Company's systems related to its U.S. business were not accessed by the unauthorized third-party. At this time, the full scope and potential ultimate impact on the Company are not known."

An Aflac spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

One year ago, Aflac disclosed another data breach amid a broader campaign targeting insurance companies across the United States, saying that the attackers may have gained access to documents containing sensitive information about customers, beneficiaries, employees, agents, and other individuals.

While Aflac didn't attribute last year's breach to a specific threat group, the incident had all the signs of a Scattered Spider attack.

Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) was also behind breaches at Erie Insurance and Philadelphia Insurance Companies (PHLY), part of the same wave of attacks.

They've also previously partnered with other ransomware operations, such as Qilin, RansomHub, and DragonForce, and their list of victims includes MGM Resorts, DoorDash, Caesars, MailChimp, Twilio, Coinbase, Riot Games, and Reddit.

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.<br>The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Related Articles:

Pharma giant Novo Nordisk discloses breach of clinical trials data<br>Infinite Campus data breach affects 137,000 school staff accounts<br>Over 73,000 French govt employees affected in Tchap messenger breach<br>French govt messaging service breached in account hijacking attack<br>7-Eleven confirms data breach claimed by the ShinyHunters gang

Aflac

Breach

Data Breach

Data Theft

Insurance

Japan

Security Breach

Sergiu Gatlan

Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article

Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Upcoming Webinar

Popular Stories

Data breach exposes up to 14.2 million email logins at six ISPs

Clean GitHub repo tricks AI coding agents into running malware

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

Sponsor Posts

Build a GRC agent in minutes, no code. Get early access to Agent Studio.

VOIP Detection with Phone.com and IPQS

Overdue a password health-check? Audit your Active Directory for free

See how Pixellot discovered and secured...

aflac breach japan data insurance systems

Related Articles

(no title)

Risse50 ptstitle

Is AI ruining our skills? Early results are in – and they're not good

Michelangelo1124 ptstools skills during physicians colonoscopies tool

The Anatomy of an AI-Native Org

kiyanwang22 ptstranslated managers business translation language engineering

Apertus – Open Foundation Model for Sovereign AI

T-A16 ptsopen model apertus foundation sovereign fully

The labor share of income in the US is at its lowest post-war level

loughnane15 ptsfinancial labor share york securities central
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.