What happened
Aflac Life Insurance Japan disclosed a data breach affecting approximately 4.38 million customers and agents.
The breach began on June 15, when hackers accessed certain Aflac Japan systems. The attackers accessed the systems several times until June 25, when the company discovered the incident.
After identifying the unlawful access, Aflac Japan took containment steps to prevent further intrusion, including suspending certain systems.
Aflac said the incident is limited to certain Aflac Japan systems and does not affect systems tied to its U.S. business.
The attackers exfiltrated data from Aflac Japan’s policyholder portal. The compromised personal information includes names, addresses, phone numbers, dates of birth, gender, security information, and insurance account information.
Aflac Japan said insurance premium transfer account information for roughly 230,000 people was also exfiltrated. The company said no credit card information was accessed.
At least five services have been disrupted because of the incident. Aflac Japan said it could not estimate when the affected services would be restored.
The company said the types of exposed information vary by individual and that each affected customer will receive a notification letter with specific details.
Aflac Japan’s investigation remains ongoing with support from third-party cybersecurity experts. The company has also notified relevant authorities.
Who is affected
Approximately 4.38 million Aflac Japan customers and agents are likely affected.
The potentially exposed information includes names, addresses, phone numbers, dates of birth, gender, security information, and insurance account information.
Roughly 230,000 people also had insurance premium transfer account information exfiltrated.
Aflac said the incident is limited to certain Aflac Japan systems and does not affect systems related to its U.S. business.
Why CISOs should care
This incident shows how customer portals can become high-impact breach points when they hold personal, insurance, and account-related information at scale.
For CISOs, the insurance context matters because exposed policyholder data can support fraud, impersonation, targeted phishing, and account takeover attempts. Even without credit card exposure, names, contact details, dates of birth, insurance account data, and transfer account information can create meaningful risk.
The service disruption also matters. A breach affecting a policyholder portal can quickly become both a data protection issue and a business continuity issue if customer-facing services must be suspended during containment.
The case reinforces the importance of monitoring customer portals for repeated unauthorized access. Aflac Japan said attackers accessed systems several times between June 15 and June 25, making detection speed and portal-level telemetry critical.
3 practical actions
- Strengthen monitoring around policyholder portals: The attackers accessed Aflac Japan systems multiple times before the breach was discovered. CISOs should monitor customer portals for unusual access patterns, abnormal data queries, bulk downloads, and suspicious account activity.
- Prepare breach response for insurance account data exposure: The exposed data included personal information, security information, insurance account information, and premium transfer account information. Security teams should plan customer notifications, fraud warnings, identity verification controls, and support processes for affected policyholders.
- Balance containment with service continuity: Aflac Japan suspended certain systems and reported disruption to at least five services. Organizations should prepare playbooks that isolate affected systems while preserving essential customer service, claims, billing, and account support functions where possible.
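An added example for the first action above (not from the article or from Aflac): it flags a portal source that reads an unusually large number of distinct policyholder records in one day, and then checks whether that happens on more than one day. The log format, field names, threshold, and sample lines are constructed assumptions.

```python
from collections import defaultdict

DISTINCT_RECORDS_PER_DAY = 20   # assumed threshold; tune to the portal's own baseline

def build_sample_log():
    """Constructed portal access lines: 'date time source account action record'."""
    lines = []
    # Ordinary policyholder: views only their own record.
    for t in ("09:01:00", "09:02:10", "09:05:42"):
        lines.append(f"2030-01-10 {t} 198.51.100.20 cust-17 VIEW_POLICY P-0017")
    # Agent: a handful of client records per day, below the threshold.
    for day in ("2030-01-10", "2030-01-11"):
        for n in range(5):
            lines.append(f"{day} 10:{n:02d}:00 198.51.100.44 agent-03 VIEW_POLICY P-{100 + n:04d}")
    # One source enumerating many distinct records on two separate days.
    for day, count in (("2030-01-10", 40), ("2030-01-12", 35)):
        for n in range(count):
            lines.append(f"{day} 02:{n:02d}:00 203.0.113.7 cust-88 EXPORT_POLICY P-{2000 + n:04d}")
    return lines

def find_bulk_access(lines, threshold=DISTINCT_RECORDS_PER_DAY):
    """Return {(source, account): {day: distinct_record_count}} for days over threshold."""
    seen = defaultdict(set)             # (source, account, day) -> record ids touched
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue                    # skip malformed lines instead of failing the run
        day, _time, source, account, _action, record = parts
        seen[(source, account, day)].add(record)
    findings = defaultdict(dict)
    for (source, account, day), records in seen.items():
        if len(records) > threshold:
            findings[(source, account)][day] = len(records)
    return dict(findings)

def repeat_offenders(findings):
    """Sources that crossed the threshold on more than one day (repeated access)."""
    return sorted(key for key, days in findings.items() if len(days) > 1)

if __name__ == "__main__":
    hits = find_bulk_access(build_sample_log())
    for key, days in hits.items():
        print(key, days)
    print("repeated:", repeat_offenders(hits))
```

Counting distinct records rather than raw requests keeps a customer who reloads their own policy page from tripping the rule.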
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.

