Aflac Life Insurance Japan disclosed that an unauthorized third party accessed its systems between June 15 and June 25, exposing data tied to about 4.38 million customers. The company said the compromised information included names, dates of birth, addresses, phone numbers, policy coverage details, and data related to insurance representatives and commercial agencies; roughly 230,000 records also contained bank account information. Aflac said the incident was limited to its Japan operations, that U.S. business systems were not accessed, and that affected systems were suspended after the intrusion was discovered on June 25.
The breach adds to a broader pattern of cyber incidents affecting Japanese organizations, where public reporting has shown hundreds of ransomware and extortion-related cases and frequent abuse of internet-facing systems such as VPN appliances and RDP. Research on disclosed incidents involving Japanese firms found that attackers often move quickly to leak or weaponize stolen data and increasingly time disruptive actions for nights or weekends, underscoring the operational pressure facing defenders. Aflac said it has brought in third-party cybersecurity experts and notified Japan’s Financial Services Agency and police, while stating that no confirmed misuse of the stolen data had been identified at the time of disclosure.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Aflac Japan disclosed that approximately 4.38 million customers were affected by the incident, including about 230,000 records containing bank account information. The company said the breach was confined to Japan and that no misuse of the stolen data had been confirmed at the time of disclosure.
On June 25, 2026, Aflac Japan discovered the intrusion, suspended affected systems, engaged third-party cybersecurity experts, and notified the Japan Financial Services Agency and police authorities.
Aflac Life Insurance Japan said an unauthorized third party accessed its Japanese systems during a breach window that began on June 15, 2026.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
5 references tracked. Mallory keeps watching after this page renders.
threataft.com
Open sourcesecurity.macnica.co.jp
Open sourcesecurity.macnica.co.jp
Open sourcesecurity.macnica.co.jp
Open sourcesecurity.macnica.co.jp
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.