Aflac Japan Reports Massive Data Breach Affecting 4.38 Million Customers
Aflac Life Insurance Japan Ltd. disclosed a significant data breach on June 30, exposing the personal information of approximately 4.38 million policyholders. The incident, detected on June 25, involved unauthorized access to the company’s Aflac Yoriso Net portal, which allows customers to manage contract details and policy changes.
Among the compromised data were names, dates of birth, gender, phone numbers, policy numbers, and coverage details. Notably, around 230,000 records included bank account numbers used for premium payments. Additionally, the breach exposed contact information for roughly 40,000 insurance agencies, including addresses, phone numbers, and representative names. However, sensitive data such as My Number (Japan’s national ID), credit card numbers, and health status at the time of contract were not affected.
Investigations revealed that the unauthorized access began approximately 10 days before detection. In response, Aflac took portions of its policyholder portal and internal systems offline, redirecting claims processing to phone and alternative channels. The company stated that no confirmed misuse of the stolen data has been reported.
Aflac issued an apology to affected customers and stakeholders, pledging to identify the cause and implement preventive measures. The breach underscores the ongoing risks to financial and insurance sectors, where large-scale customer data remains a prime target for cyberattacks.
Source: https://www.asahi.com/ajw/articles/16686814
Aflac Life Insurance Japan Ltd. TPRM report: https://www.rankiteo.com/company/aflac
"id": "afl1782816142",
"linkid": "aflac",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '4.38 million policyholders, '
'40,000 insurance agencies',
'industry': 'Insurance',
'location': 'Japan',
'name': 'Aflac Life Insurance Japan Ltd.',
'type': 'Insurance Company'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Public disclosure and apology issued',
'data_breach': {'number_of_records_exposed': '4.38 million policyholders, '
'40,000 insurance agencies',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personal and financial '
'information)',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Gender',
'Phone numbers',
'Policy numbers',
'Coverage details',
'Bank account numbers']},
'date_detected': '2024-06-25',
'date_publicly_disclosed': '2024-06-30',
'description': 'Aflac Life Insurance Japan Ltd. disclosed a significant data '
'breach on June 30, exposing the personal information of '
'approximately 4.38 million policyholders. The incident '
'involved unauthorized access to the company’s *Aflac Yoriso '
'Net* portal, which allows customers to manage contract '
'details and policy changes. The breach exposed names, dates '
'of birth, gender, phone numbers, policy numbers, coverage '
'details, and bank account numbers for premium payments. '
'Additionally, contact information for roughly 40,000 '
'insurance agencies was compromised. No misuse of the stolen '
'data has been confirmed.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': 'Personal information of 4.38 million '
'policyholders and contact information of '
'40,000 insurance agencies',
'identity_theft_risk': 'Yes',
'operational_impact': 'Claims processing redirected to phone and '
'alternative channels',
'payment_information_risk': 'Yes (bank account numbers exposed)',
'systems_affected': 'Aflac Yoriso Net portal, internal systems'},
'initial_access_broker': {'entry_point': 'Aflac Yoriso Net portal',
'reconnaissance_period': 'Approximately 10 days '
'before detection'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Pledged to identify the '
'cause and implement '
'preventive measures'},
'references': [{'date_accessed': '2024-06-30',
'source': 'Aflac Japan Public Disclosure'}],
'response': {'communication_strategy': 'Issued apology and public disclosure',
'containment_measures': 'Took portions of policyholder portal '
'and internal systems offline',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Redirected claims processing to phone and '
'alternative channels'},
'stakeholder_advisories': 'Apology issued to affected customers and '
'stakeholders',
'title': 'Aflac Japan Reports Massive Data Breach Affecting 4.38 Million '
'Customers',
'type': 'Data Breach'}