Aflac Incorporated Discloses Cybersecurity Incident

Rhea-AI Summary

Aflac Incorporated (NYSE: AFL) disclosed a cybersecurity incident detected on June 12, 2025, where unauthorized access was gained through social engineering tactics. The company stopped the intrusion within hours and confirmed no ransomware was involved. The attack was part of a broader cybercrime campaign targeting the insurance industry. While business operations remain functional, preliminary findings indicate potentially compromised data includes claims information, health information, social security numbers, and personal information of customers, beneficiaries, employees, and agents. As a precautionary measure, Aflac is offering free 24-month credit monitoring, identity theft protection, and Medical Shield to affected individuals through a dedicated call center at 1-855-361-0305.

Positive

• Quick incident response - intrusion was stopped within hours of detection
• Business operations remain fully functional with no ransomware impact
• Company proactively offering free 24-month credit monitoring and identity protection services
• Systems continue to process claims and underwrite policies without disruption

Negative

• Unauthorized access gained to sensitive customer and employee data including SSNs and health information
• Exact number of affected individuals still unknown
• Part of a broader cybercrime campaign targeting insurance companies
• Social engineering vulnerability exposed security weaknesses

News Market Reaction

+0.65%

1 alert

+0.65% News Effect

On the day this news was published, AFL gained 0.65%, reflecting a mild positive market reaction.

Data tracked by StockTitan Argus on the day of publication.

COLUMBUS, Ga., June 20, 2025 /PRNewswire/ -- On June 12, 2025, Aflac Incorporated (NYSE: AFL) identified suspicious activity on our network in the United States. We promptly initiated our cyber incident response protocols and stopped the intrusion within hours. Importantly, our business remains operational, and our systems were not affected by ransomware. We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual. This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry. 

We have engaged leading third-party cybersecurity experts to support our response to this incident. While the investigation remains in its early stages, in the spirit of transparency and care for our customers, we are sharing that our preliminary findings indicate that the unauthorized party used social engineering tactics to gain access to our network. Additionally, we have commenced a review of potentially impacted files. It is important to note that the review is in its early stages, and we are unable to determine the total number of affected individuals until that review is completed. The potentially impacted files contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in our U.S. business. We remain committed to caring for and supporting our customers. While our teams work to review the potentially impacted data and determine the specific information involved, we are offering any individual who contacts our dedicated call center free credit monitoring and identity theft protection, and Medical Shield for 24 months. 

Please call our call center at 1-855-361-0305 which will open starting on June 20 at 8:00 a.m. Eastern Time. Our call center will be available Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time, Saturday from 9:00 a.m. to 5:30 p.m. Eastern Time and Sundays from 10:00 a.m. to 4:00 p.m. Eastern Time until the end of June and excluding major U.S. holidays. 

We regret that this incident occurred. We will be working to keep our stakeholders informed as we learn more and continue investigating the incident. 

ABOUT AFLAC INCORPORATED 
Aflac Incorporated (NYSE: AFL), a Fortune 500 company, has helped provide financial protection and peace of mind for nearly seven decades to millions of policyholders and customers through its subsidiaries in the U.S. and Japan. In the U.S., Aflac is the No. 1 provider of supplemental health insurance products.¹ In Japan, Aflac Life Insurance Japan is the leading provider of cancer and medical insurance in terms of policies in force. The company takes pride in being there for its policyholders when they need us most, as well as being included in the World's Most Ethical Companies by Ethisphere for 19 consecutive years (2025) and Fortune's World's Most Admired Companies for 24 years (2025). In addition, the company became a signatory of the Principles for Responsible Investment (PRI) in 2021 and has been included in the Dow Jones Sustainability North America Index (2024) for 11 years. To find out how to get help with expenses health insurance doesn't cover, get to know us at aflac.com or aflac.com/español. Investors may learn more about Aflac Incorporated and its commitment to corporate social responsibility and sustainability at investors.aflac.com under "Sustainability."

¹ LIMRA 2023 U.S. Supplemental Health Insurance Total Market Report 

Media Contact: mediarelations@aflac.com 

 

View original content to download multimedia:https://www.prnewswire.com/news-releases/aflac-incorporated-discloses-cybersecurity-incident-302487036.html

SOURCE Aflac

FAQ

What type of data was compromised in the Aflac (AFL) cybersecurity incident?

The potentially compromised data includes claims information, health information, social security numbers, and personal information of customers, beneficiaries, employees, agents, and other individuals in Aflac's U.S. business.

How is Aflac (AFL) responding to the June 2025 cyber attack?

Aflac stopped the intrusion within hours, engaged cybersecurity experts, maintained business operations, and is offering 24-month free credit monitoring, identity theft protection, and Medical Shield to affected individuals.

What services is Aflac offering to those affected by the 2025 data breach?

Aflac is offering free 24-month credit monitoring, identity theft protection, and Medical Shield through their dedicated call center at 1-855-361-0305.

Was Aflac's business operations affected by the June 2025 cyber incident?

No, Aflac's business operations remain fully functional, with systems able to underwrite policies, review claims, and service customers as usual.

How did hackers gain access to Aflac's systems in the 2025 breach?

The unauthorized access was gained through social engineering tactics as part of a broader cybercrime campaign targeting the insurance industry.