Aflac Incorporated (NYSE: AFL), a top provider of supplemental health and life insurance in the United States and Japan, announced today that it has experienced a cybersecurity incident that may have resulted in unauthorized access to sensitive customer and employee data.
The company disclosed the breach in a regulatory filing and issued a public statement, reassuring affected parties that it is taking immediate and complete steps to mitigate the impact.
The incident was first detected on or about June 10, 2025, when unusual activity was flagged within Aflac’s internal network systems. Upon discovery, the company promptly engaged top forensic cybersecurity experts to investigate the nature and scope of the breach.
Initial findings suggest that the unauthorized access occurred over several weeks before detection, raising concerns about the extent of data exfiltration.
While the investigation is ongoing, Aflac has indicated that the compromised data may include personal identifiable information (PII) such as names, addresses, Social Security numbers, and limited health information for some policyholders.
For employees, payroll and human resources data may also have been exposed. The company has not yet confirmed the exact number of individuals affected but stated it is working diligently to identify and notify all impacted parties in accordance with regulatory requirements.
In response to the incident, Aflac has implemented enhanced security protocols, including resetting credentials for internal systems, deploying additional monitoring tools, and strengthening network defenses.
“We deeply regret any concern or inconvenience this incident may cause our valued policyholders, employees, and partners,” stated an Aflac spokesperson. “Protecting their information is our utmost priority, and we are committed to providing full transparency as our investigation progresses.”
Aflac has alerted relevant law enforcement agencies and regulatory bodies about the breach. The company also announced that it will offer free credit monitoring and identity theft protection services to all individuals identified as potentially affected by the incident.
Customers are advised to remain vigilant, monitor their financial statements and credit reports for any suspicious activity, and be wary of unsolicited communications requesting personal information. The long-term financial and reputational impact on Aflac remains to be seen, but the company asserts its commitment to restoring confidence and ensuring the security of its data.
