Aflac disclosed that it has begun notifying 22.65 million customers, beneficiaries, employees, agents and other stakeholders whose personal information was exposed in a cyber‑attack that occurred on June 12, 2025.
The breach involved the compromise of names, dates of birth, addresses, Social Security numbers, health information and claims data. Investigators suspect the attack was carried out by the threat actor known as Scattered Spider, using sophisticated social‑engineering tactics to gain initial access to Aflac’s systems.
Aflac contained the intrusion within hours, engaged third‑party cybersecurity experts, and is monitoring for suspicious activity. The company is offering free credit monitoring, identity‑theft protection and medical‑fraud protection to all affected individuals.
The incident has prompted regulatory scrutiny and shareholder litigation alleging a breach of fiduciary duty for failing to oversee cybersecurity risks. While Aflac’s core operations remain unaffected and the company reported strong FY2024 results, the breach could lead to fines and increased remediation costs, adding pressure to its risk‑management framework.
The attack is part of a broader trend of cyber‑attacks targeting the insurance industry, with Scattered Spider implicated in similar incidents. Aflac’s experience underscores the growing importance of robust cyber‑security controls and third‑party risk management in the sector.
The content on BeyondSPX is for informational purposes only and should not be construed as financial or investment advice. We are not financial advisors. Consult with a qualified professional before making any investment decisions. Any actions you take based on information from this site are solely at your own risk.