Aflac Life Insurance Reports Data Breach Affecting 4.38 Million Customers

Aflac Life Insurance Reports Data Breach Affecting 4.38 Million Customers

Aflac Life Insurance Japan reported a data breach affecting 4.38 million customers through unauthorized access to its policyholder portal. Personal information including names, addresses, phone numbers, and some bank details were compromised.

Share

Key Points

  • 4.38 million Aflac customers had personal data compromised through unauthorized system access.
  • Exposed information includes names, addresses, phone numbers, and some bank account details.
  • Contact Aflac to verify if your account was affected and monitor financial accounts.
  • Beware of phishing attempts using your leaked information; Aflac won't request sensitive data.
Aflac Life Insurance Japan has disclosed a major cybersecurity incident affecting approximately 4.38 million customers, making it one of the largest data breaches in Japan's insurance sector in recent years. According to NHK, the breach occurred through unauthorized access to the company's policyholder portal system, compromising personal information including names, addresses, and telephone numbers. For some customers, bank account information was also exposed. The breach was announced on June 30, 2026, by Aflac Life Insurance, a major provider of cancer insurance and supplementary medical coverage in Japan. The company operates the affected portal system to allow policyholders to check their insurance coverage details and manage their accounts online. The unauthorized access exploited vulnerabilities in this customer-facing platform, giving attackers access to sensitive personal data. For foreign residents in Japan who hold Aflac policies, this breach raises significant concerns about identity theft and financial fraud. The exposure of names, addresses, and phone numbers could lead to targeted phishing attempts, while the compromised bank account information for some customers presents direct financial risks. Expats should be particularly vigilant, as they may be more vulnerable to sophisticated scams that exploit language barriers or unfamiliarity with Japanese fraud prevention systems. As of the announcement date, Aflac has not reported any confirmed cases of the leaked information being misused. However, the scale of the breach—affecting over 4 million individuals—means the risk remains substantial. The company has not yet publicly detailed the specific security measures that failed or the timeline of when the unauthorized access occurred versus when it was detected. Foreign policyholders should take immediate protective steps. First, contact Aflac directly to confirm whether your specific account was affected and what categories of your personal information were compromised. The company should provide guidance in multiple languages for international customers. Second, monitor your bank accounts closely for any unusual transactions, especially if you provided bank details to Aflac for premium payments or claim disbursements. Expats should also be alert for suspicious communications claiming to be from Aflac. Cybercriminals often exploit data breaches by sending phishing emails or making phone calls that appear legitimate because they contain accurate personal information. Be skeptical of any unsolicited contact requesting additional personal details, password changes, or financial information. Aflac will not ask for sensitive information through unsolicited emails or phone calls. This incident highlights the broader cybersecurity challenges facing Japan's financial services sector. As companies increasingly digitize customer services, they become attractive targets for cybercriminals. For expats, who often rely heavily on online platforms due to language barriers or limited access to in-person services, understanding these risks is crucial. Considering changing your passwords for any online accounts associated with Aflac is advisable, using strong, unique passwords for each platform. If you use the same password across multiple services, update those as well. Enable two-factor authentication wherever possible to add an extra layer of security. The Japanese Personal Information Protection Commission, which oversees data privacy compliance, will likely investigate this breach. Affected customers may have rights under Japan's personal information protection laws, including the right to know exactly what data was compromised and how the company plans to prevent future incidents. For expats uncertain about their rights or how to protect themselves, consulting with English-speaking consumer protection services or your embassy may provide additional guidance. The breach serves as a reminder to regularly review which companies hold your personal information and to maintain vigilant monitoring of your financial accounts and credit status in Japan.