The California Office of the Attorney General disclosed a data breach at Aflac, where unauthorized actors potentially accessed Microsoft Office 365 email accounts of some sales agents. The breach spanned from **September 8, 2017, to May 9, 2018**, though the exact number of affected individuals remains undetermined. The compromised data may have included highly sensitive personal and financial information, such as **names, addresses, dates of birth, policy numbers, and Social Security numbers (SSNs)**. The prolonged exposure period increases the risk of identity theft, financial fraud, or misuse of the stolen data. While the breach was limited to sales agents' accounts, the nature of the exposed information—particularly SSNs—poses significant long-term risks to both employees and customers whose data may have been stored or transmitted via these accounts. The incident underscores vulnerabilities in third-party email systems and the critical need for robust monitoring to detect and mitigate unauthorized access promptly.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-140247
TPRM report: https://www.rankiteo.com/company/aflac
"id": "afl230090725",
"linkid": "aflac",
"type": "Breach",
"date": "9/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Insurance',
                        'location': 'United States (California)',
                        'name': 'Aflac',
                        'type': 'Insurance Company'}],
 'data_breach': {'data_exfiltration': 'Possible',
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['names',
                                                         'addresses',
                                                         'dates of birth',
                                                         'policy numbers',
                                                         'social security numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['PII (Personally Identifiable Information)']},
 'description': 'The California Office of the Attorney General reported that Aflac experienced a data breach involving possible unauthorized access to Microsoft Office 365 email accounts belonging to some sales agents. The breach activity occurred between September 8, 2017, and May 9, 2018. Compromised information may have included names, addresses, dates of birth, policy numbers, and social security numbers.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'dates of birth',
                                 'policy numbers',
                                 'social security numbers'],
            'identity_theft_risk': 'High (PII exposed)',
            'systems_affected': ['Microsoft Office 365 email accounts']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of the Attorney General']},
 'title': 'Aflac Data Breach Involving Microsoft Office 365 Email Accounts',
 'type': 'Data Breach'}