Overview
- Aflac Life Insurance Japan said it discovered unauthorized access on June 25 after attackers had repeatedly accessed systems between June 15 and June 25, and the company disclosed the incident on June 30.
- Company filings say roughly 4.38 million current and former policyholders had personal data exposed, with about 230,000 insurance premium bank-transfer account records included in the files taken.
- The types of data taken include names, addresses, phone numbers, dates of birth, gender, security and insurance account information, and the exposed records vary by individual, while Aflac says credit card details and Japan’s My Number identifiers were not accessed.
- Aflac Japan suspended affected systems and says multiple customer-facing services remain disrupted with no estimate for restoration as it works with outside cybersecurity investigators and notifies regulators and law enforcement.
- So far there are no confirmed cases of misuse, but the breach highlights the recurring cyber risk to insurers and the cross-border challenges multinational insurers face when large volumes of customer financial and policy data are exposed.