Aflac disclosed that an unauthorized third party accessed certain systems at Aflac Life Insurance Japan Ltd. between June 15 and June 25, leading to a data breach affecting its policyholder portal and related services. The company said the incident was discovered on June 25, after which it contained parts of the intrusion, suspended some systems, and notified the Japan Financial Services Agency and other relevant authorities while continuing policyholder services where possible.
Aflac said roughly 4.38 million customers and agents were likely affected, with exposed information including names, addresses, phone numbers, dates of birth, gender, security information, and insurance account details. The insurer also said premium transfer bank account information for about 230,000 people was exfiltrated, though no credit card data was accessed; at least five Japan services were disrupted, restoration timelines remain unclear, and the company said the breach was limited to Japan systems and did not affect its U.S. business.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
On June 30, 2026, Aflac disclosed the data breach affecting Aflac Life Insurance Japan and said approximately 4.38 million customers and agents were likely affected. The company said exposed data included personal and insurance account information, with premium transfer account information for roughly 230,000 people also exfiltrated, and notified Japanese authorities.
On June 25, 2026, Aflac Japan discovered the intrusion and responded by containing parts of the incident and suspending certain systems. The company said at least five services were disrupted while policyholder services continued during the investigation.
Aflac Life Insurance Japan said an unauthorized third party accessed certain company systems starting on June 15, 2026. The intrusion affected systems tied to its policyholder portal and was later found to involve theft of personal information.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
7 references tracked. Mallory keeps watching after this page renders.
scworld.com
Open sourceteiss.co.uk
Open sourcesecurityaffairs.com
Open sourcesecurityweek.com
Open sourcebleepingcomputer.com
Open sourcesec.gov
Open sourceaflac.co.jp
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.