More than 22 million Aflac customers impacted by June data breach

Steven

More than 22 million Aflac customers impacted by June data breach

Summary

Aflac has confirmed that a June data breach exposed information for roughly 22.7 million people after files were stolen during a hacker intrusion. The insurer says it stopped the intrusion within hours, did not suffer a ransomware event and experienced no operational disruption. Stolen documents included insurance claims, health information, Social Security numbers and other personal details for customers, beneficiaries, employees, agents and others.

The company notified the SEC and federal law enforcement, hired cybersecurity specialists, and concluded its investigation on 4 December. Aflac is sending breach-notification letters and offering affected individuals two years of identity-protection services; enrolment closes on 18 April 2026.

Key Points

  • About 22.7 million individuals had information stolen in the June incident.
  • Compromised files contained insurance claims, health data, Social Security numbers and other sensitive details.
  • Aflac says the intrusion was halted within hours and it was not a ransomware attack.
  • The company has notified regulators and law enforcement and is mailing breach-notification letters to victims.
  • Affected people are eligible for two years of identity-protection services; enrolment deadline is 18 April 2026.
  • The incident is linked to a wider campaign targeting the insurance sector by the Scattered Spider group.
  • Authorities have taken down a leak site used by the group and arrested suspects in related attacks.

Context and relevance

This breach matters because it exposes highly sensitive personally identifiable information, heightening the risk of identity theft and insurance fraud. It fits a broader trend of social-engineering-led intrusions against insurers — groups like Scattered Spider have repeatedly targeted the sector — which shows insurers remain high-value targets for cybercriminals. Customers, security teams and compliance officers should be alert to notification letters, enrol in offered protections if eligible, monitor credit reports and watch for phishing or fraud attempts.

Why should I read this?

Quick and blunt: if you or someone you care for has Aflac cover, check your post and emails now. SSNs and health-claim details are in the mix, so you might need to sign up for the identity service, freeze credit and be ready for scams. We read the full report so you don’t have to — act fast, don’t ignore it.

Source

Source: https://therecord.media/22-million-impacted-aflac-breach