Back to Feed
BreachesJun 30, 2026

Aflac Japan Data Breach Impacts 4.38 Million

Aflac Japan data breach exposes personal info of 4.38 million customers

Summary

Aflac Life Insurance Japan disclosed that hackers accessed its policyholder portal between June 15-25, 2026, compromising personal data for 4.38 million customers and agents. Stolen information includes names, addresses, phone numbers, dates of birth, gender, security information, insurance account details, and premium transfer account information for approximately 230,000 people. No credit card data was accessed, and the breach is limited to Aflac Japan systems; the company has suspended certain systems and is conducting an ongoing investigation with third-party cybersecurity experts.

Full text

Aflac Life Insurance Japan, a subsidiary of insurance giant Aflac, on Tuesday announced that hackers stole the personal information of 4.38 million customers. The company’s systems were hacked on June 15, and the attackers accessed them several times until June 25, when the data breach was discovered, Aflac said in a filing with the US Securities and Exchange Commission. “Upon identifying the unlawful access, Aflac Japan promptly took steps designed to contain the incident and prevent further intrusion, including suspending certain systems,” Aflac said. The incident is limited to certain Aflac Japan systems and does not affect Aflac’s systems related to the US business, the insurance giant told the SEC. According to an FAQ published on Aflac Japan’s website, at least five services have been disrupted as a result of the incident. For the time being, the company could not estimate when the affected services may be restored. Aflac Japan says the attackers exfiltrated data from its policyholder portal, and that approximately 4.38 million customers and agents are likely affected.Advertisement. Scroll to continue reading. The compromised personal information includes names, addresses, phone numbers, dates of birth, gender, security information, and insurance account information. According to the company, the insurance premium transfer account information of roughly 230,000 people was also exfiltrated, but no credit card information was accessed. Aflac Japan also notes that the types of exposed information vary by individual and that each customer will receive a notification letter containing specific details on the matter. The company also noted that its investigation into the attack is ongoing, supported by third-party cybersecurity experts. Aflac Japan also notified the relevant authorities. Related: Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack Related: More Klue Breach Victims Identified as Hackers Get Hacked Related: Canadian Electricity Provider London Hydro Discloses Data Breach Related: Xsolis Data Breach Affects 1.4 Million Individuals Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Quantifind Raises $200 Million for AI-Native Risk IntelligenceResearchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer MachinesStraiker Raises $64 Million for AI Security Platform‘DirtyClone’ Linux Kernel Vulnerability Leads to Root AccessUS Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks EvolveChinese Framework Powers 200,000 Scam SitesMore Klue Breach Victims Identified as Hackers Get HackedNebulock Raises $25 Million for AI-Native Contextual Security Latest News BlueHammer Vulnerability Exploited in Ransomware AttacksDecades-Old Bash Tricks Expose AI Coding Agents to Supply Chain AttacksHacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreatSupreme Court Rules Constitutional Privacy Protections Apply to Cellphone Users’ Location HistoryExploitation of Recent Oracle E-Business Suite Vulnerability BeginsThe AI Token Costs That Can Break CybersecurityNissan Employee Data Breached in Oracle PeopleSoft HackCritical SimpleHelp Vulnerability Exploited for Malware Delivery Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveTracey Mustacchio has joined Everfox as Chief Marketing Officer.Mark Carter has been appointed Chief Information Security Officer at Socure.Spektrum Labs has named Mark Cravotta Chief Operating Officer.More People On The MoveExpert Insights The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George) No Exploits Required Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley) After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Flipboard Reddit Whatsapp Whatsapp Email

Entities

Aflac (vendor)Aflac Japan policyholder portal (product)