Aflac Cyberattack Exposes Sensitive Data, Prompts Swift Response

Aflac, the top supplemental insurance provider in the U.S., has reported a cybersecurity breach affecting its U.S. operations. Detected on June 12, 2025, the attack was identified as a sophisticated social engineering campaign, likely linked to a known cybercrime group.

The attackers reportedly exploited social media to gain unauthorized access to internal systems. Although no ransomware was involved, early investigations suggest that sensitive data—such as Social Security numbers, medical information, and insurance claims—may have been compromised.

The Columbus, Georgia-based insurer quickly contained the intrusion and has since engaged leading cybersecurity experts to conduct a comprehensive investigation. While the total number of impacted individuals remains unclear, the company has prioritized transparency and customer protection.

To support those potentially affected, Aflac is offering 24 months of complimentary credit monitoring, identity theft protection, and Medical Shield coverage. A dedicated call center has been established for inquiries and assistance.

This breach comes amid a rise in cyberattacks targeting insurance and retail sectors, exposing gaps even among well-established firms. It also follows a 2023 incident in Japan that compromised cancer policyholders' data.

The situation underscores the urgent need for stronger, adaptive cybersecurity practices across the industry.