American insurance company Aflac has disclosed a new cybersecurity incident after hackers gained unauthorized access to systems belonging to its Japan subsidiary. According to the company, the breach was discovered on June 25, 2026, following suspicious activity that occurred between June 15 and June 25. The company confirmed that an unauthorized third party accessed certain internal systems during that period. Investigations are still ongoing to determine the complete impact of the incident.

Aflac said it responded immediately after detecting the intrusion by taking steps to contain the attack and stop any further unauthorized access. As part of its response, the company temporarily suspended some affected systems while security teams worked to secure the environment. Despite these actions, Aflac confirmed that its Japan business continues to provide services to policyholders without major disruption. External cybersecurity experts have also been brought in to assist with the investigation.

The company revealed that the attackers were able to access files containing sensitive customer information stored on the affected systems. The exposed data may include insurance policy details, coverage information, personal identification data, and bank account information. At this stage, Aflac has not disclosed how many individuals were affected because the investigation is still in progress. The company is continuing a detailed review of all impacted systems and files.

Aflac has informed the Japan Financial Services Agency and other relevant authorities about the cybersecurity incident. The company also stated that it plans to notify all individuals whose information may have been exposed once the investigation identifies the affected records. Officials are working to understand exactly what information was accessed and whether any data has been misused. Further updates are expected as the investigation moves forward.

The company clarified that the incident was limited to its operations in Japan and did not affect systems supporting its United States business. According to Aflac, there is currently no evidence that the unauthorized party accessed its U.S. network or customer systems. However, the company admitted that the full scope of the breach and its long-term impact are still unknown. Security teams continue to examine the attackers’ activities in detail.

This is not the first cybersecurity incident involving Aflac. About a year earlier, the company disclosed another major data breach that affected its U.S. operations. During that earlier attack, cybercriminals gained access to sensitive information belonging to customers, beneficiaries, employees, and insurance agents. The company later confirmed that millions of individuals had been impacted after completing a lengthy investigation.

Although Aflac has not identified the group responsible for the latest Japan incident, cybersecurity researchers have previously linked attacks on insurance companies to organized cybercrime groups. Last year’s breach showed several characteristics associated with the Scattered Spider threat group, which has been connected to attacks on multiple insurance providers. The group is known for using social engineering techniques to gain initial access before targeting sensitive business data.

The latest breach highlights the growing cybersecurity risks facing the global insurance industry, where organizations manage large amounts of personal, financial, and medical information. Aflac says it is continuing to work with cybersecurity specialists and authorities to strengthen its defenses while investigating the attack. The company has promised to keep regulators and affected individuals informed as more details become available. The investigation remains active, and additional findings may be released in the coming weeks.

Stay alert, and keep your security measures updated!