Emerging ThreatsData Breaches

Aflac Discloses Data Breach After Japan Subsidiary Hack

Analyst 207||Source: BleepingComputer
Concerned employees in a brightly-lit Japanese office setting with a computer workstation in the foreground showing a…

"On June 30, 2026, Aflac Life Insurance Japan Ltd. ('Aflac Japan'), a wholly owned subsidiary of Aflac Incorporated, a Georgia corporation (the 'Company'), issued a press release announcing that, on June 25, 2026, Aflac Japan discovered an unauthorized third‑party had unlawfully accessed certain of Aflac Japan's systems between June 15, 2026 and June 25, 2026," the insurance company said.

Aflac Japan: timeline and containment actions

According to a filing with the U.S. Securities and Exchange Commission (SEC), the intrusion occurred between June 15 and June 25, 2026, and was discovered on June 25. Aflac says that upon identifying the unlawful access, Aflac Japan "promptly took steps designed to contain the incident and prevent further intrusion, including suspending certain systems." Despite those suspensions, the company said Aflac Japan "continues to serve its policyholders as it responds to this incident."

Files accessed: policy and bank account details

Aflac disclosed that threat actors gained access to "some sensitive information stored on the affected systems." In its SEC filing the company added that, "Although the investigation remains ongoing, Aflac Japan has determined that certain impacted files contain policy and coverage details, personal information, and bank account information." The company has notified the Japan Financial Services Agency and other relevant authorities and "intends to provide appropriate notifications to individuals affected by this incident."

Aflac's footprint and last year's related breach

The filing noted Aflac is a Fortune 500 company and "the largest supplemental insurance provider in the United States, serving millions of customers in the U.S. and Japan." The June 2026 disclosure follows an earlier incident: one year ago Aflac disclosed another data breach in the midst of a broader campaign targeting insurance companies across the United States. At that time the company said attackers "may have gained access to documents containing sensitive information about customers, beneficiaries, employees, agents, and other individuals."

That prior incident, Aflac said, "had all the signs of a Scattered Spider attack." The source lists Scattered Spider's tracked aliases as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra, and notes the group has previously been associated with breaches at other insurers and with partnerships with ransomware operations such as Qilin, RansomHub, and DragonForce. The source also lists a number of organizations previously reported as victims of Scattered Spider activity.

What this means for technologists, the Japan Financial Services Agency, and policyholders

  • Technologists and security teams: Aflac says it is "investigating the incident with the help of external cybersecurity experts." Those teams will need to establish the full technical scope of the intrusion, confirm which files were accessed, and validate containment measures already taken, including the suspended systems.
  • The Japan Financial Services Agency and regulators: Aflac has notified the Japan Financial Services Agency and other relevant authorities. Regulators will receive formal breach notifications and any follow‑up information the company provides as the investigation continues.
  • Policyholders and affected individuals: The company has stated it "intends to provide appropriate notifications to individuals affected by this incident." Aflac's disclosure specifies that the impacted files include policy and coverage details, personal information, and bank account information, so notified individuals will need to review communications from Aflac and take any steps the company recommends.

Where this stands now

At the time of the SEC filing Aflac said the incident "is limited to systems in Japan" and that "the Company's systems related to its U.S. business were not accessed by the unauthorized third‑party." The company also emphasized that "At this time, the full scope and potential ultimate impact on the Company are not known." An Aflac spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

The immediate facts are narrow: an intrusion detected on June 25 that affected Aflac Japan systems and exposed files containing policy, personal and bank account information, prompt containment steps by Aflac Japan, notification to Japanese authorities, and an ongoing investigation assisted by external cybersecurity experts. How many individuals will be notified, what precise data sets were exposed, and whether any follow‑on misuse of the data occurs remain open questions until the investigation reaches conclusive findings.

Original reporting: BleepingComputer

Data BreachEmerging ThreatsJapanSupply ChainUnauthorized AccessU.S. Securities And Exchange CommissionInsurance SectorHack
Related Intelligence

Continue Reading

Laptop on office desk with blurred CAPTCHA on screen, surrounded by papers and supplies.

Cybercriminals Exploit ClickFix to Deliver Malware

Don't assume macOS is safe from cyber threats - a recent report warns that it now requires the same level of monitoring and protection as Windows to prevent malware attacks. Cybercriminals are using the ClickFix technique to deliver malware, tricking victims into running malicious commands.

Analyst 207
Technicians work in a server room with rows of computer equipment, a laptop in the foreground with a blurred screen and…

CVE-2026-48558 Exploitation Deploys TaskWeaver, Djinn Stealer Malware

A critical vulnerability, CVE-2026-48558, with a maximum severity score of 10.0 is being exploited to spread two new malware families, TaskWeaver and Djinn Stealer, by turning remote monitoring servers into malware distribution points. This flaw allows attackers to bypass OpenID Connect authentication in SimpleHelp and gain a fully authenticated session.

Analyst 207
Hotel staff room with laptop on desk showing suspicious email on blurred screen.

Hackers Exploit Blockchain to Target Japan Hotels via Phishing

TrendAI Research uncovered a sneaky phishing campaign in late May 2026 that targeted hotel staff in Japan, cleverly disguising emails as guest complaints or review requests to trick employees into divulging sensitive info. The attackers stayed one step ahead, constantly updating their tactics to maximize their success.

Analyst 207
Industrial setting with disrupted computer screens and muted colors.

Blackfield Ransomware Targets Nidec with $2 Million Extortion Demand

Nidec Corporation revealed that its Taiwanese subsidiary was hit by a Blackfield ransomware attack, prompting swift emergency measures to contain the breach and prevent further damage. The hackers are now demanding a whopping $2 million in extortion, threatening to leak sensitive data if their demands aren't met.

Analyst 207