Aflac Data Breach in Japan Affects 4.38 Million Customers

by Anika Shah - Technology
0 comments

Aflac Japan has confirmed a data breach involving unauthorized access to its policyholder portal, potentially exposing the personal and financial information of approximately 4.38 million customers and agents. The intrusion occurred between June 15 and June 25, prompting the insurer to engage cybersecurity specialists and notify regulatory authorities in Japan and the United States.

How the Aflac Data Breach Occurred

How the Aflac Data Breach Occurred

The unauthorized access remained undetected for ten days. According to an official statement from Aflac, the company identified unusual activity on June 25 after detecting a high load status on an information processing unit, or CPU. Internal investigations revealed that attackers maintained persistent access to the portal during this window.

Aflac isolated the affected systems immediately upon discovery. The company has since reported the incident to authorities in Japan and the U.S. Securities and Exchange Commission (SEC). While the breach impacted the Japanese subsidiary, Aflac stated that its U.S. operations were not compromised in this specific incident.

What Information Was Exposed

Aflac Japan 4.38 Million Customers Data Stolen Fallout #cybernews #databreach #aflac #podcast

The scope of the compromised data varies by individual. According to the company, exposed records include personal contact details, insurance policy information, and banking records. Approximately 230,000 customers had their insurance premium transfer account information accessed. Aflac confirmed that no credit card information was involved in this breach.

While the company currently reports no evidence of fraudulent use of the data, the scale of the exposure presents a significant risk for identity theft and targeted phishing.

Broader Trends in Insurance Cybersecurity

This incident follows a pattern of high-profile cyberattacks within the insurance sector. A year ago, Aflac’s U.S. systems were targeted in an attack that impacted approximately 22 million customers.

The insurance industry remains a primary target for threat actors because these organizations store vast amounts of persistent, sensitive data. Security researchers, including those at Bleeping Computer, have linked recent attacks on firms like Erie Insurance and Philadelphia Insurance Companies to the threat group known as Scattered Spider. This group is also suspected of being involved in the Aflac breach last year. These actors often leverage stolen information to conduct sophisticated extortion schemes or highly targeted phishing campaigns.

Steps for Affected Customers

Aflac is currently in the process of notifying affected individuals. Even in the absence of confirmed fraud, customers should take proactive steps to secure their financial identities:

* Monitor Account Activity: Review bank and insurance statements closely for unauthorized transactions or anomalies.
* Exercise Caution with Communications: Scammers may use stolen policy details to craft convincing phishing emails or text messages. Do not click links in unsolicited messages or provide credentials to unverified callers.
* Verify Official Channels: If you receive a communication regarding your policy, navigate directly to the official Aflac website or use a verified phone number to confirm the request.
* Update Security Measures: Enable multifactor authentication (MFA) on all financial and insurance accounts and update passwords to unique, complex alternatives.

The investigation into the full extent of the exposure remains ongoing. Aflac noted that the figure of 4.38 million affected individuals is an estimate and may be subject to change as forensic analysis continues.

Related Posts

Leave a Comment