Aflac Cybersecurity Incident: 22.6 Million Personal Data Stolen
TL;DR
- Aflac experienced a major cybersecurity incident in June 2025, compromising the personal and sensitive data of 22.65 million individuals. The stolen information includes names, dates of birth, addresses, government IDs, Social Security numbers, and medical details. This breach is part of a broader trend targeting the insurance industry, prompting Aflac to offer credit monitoring and identity theft protection services to affected customers.
Aflac Data Breach Impacts 22.65 Million Individuals
Aflac, the insurance company, has announced that a cybersecurity incident in June 2025 affected the personal information of approximately 22.65 million individuals. The company disclosed the incident and has begun notifying those affected. More information is available on Aflac's website.
Details of the Breach
The stolen data includes:
- Customer names
- Dates of birth
- Home addresses
- Government-issued ID numbers (e.g., passports, state ID cards, driver’s licenses)
- Social Security numbers
- Medical and health insurance information
Aflac's filing with the Iowa attorney general indicates that the cybercriminals may be affiliated with a known cyber-criminal organization that has been targeting the insurance industry.
Aflac's Response
Following the detection of the breach, Aflac secured potentially impacted accounts, reset passwords, and increased monitoring for suspicious activity. Aflac's press release states that the company is not aware of any fraudulent use of personal information to date and will continue to monitor for such activity with third-party partners. The company also provided customers with credit monitoring, identity theft protection, and medical fraud protection. Further details can be found in their update.
Cybercrime Targeting Insurance Industry
Aflac noted that this attack was part of a broader cybercrime campaign against the insurance industry. Other insurance companies, such as Erie Insurance and Philadelphia Insurance Companies, have also experienced data breaches around the same time. The FBI's Internet Crime Complaint Center (IC3) has reported that personal data breaches are among the top cybercrimes. The IC3's "Internet Crime Report 2024" highlights that data breaches are a significant threat to critical infrastructure organizations.
Gopher Security's AI-Powered Zero-Trust Architecture
In light of increasing cyber threats, Gopher Security specializes in providing advanced cybersecurity solutions. Our AI-powered, post-quantum Zero-Trust architecture is designed to protect organizations from sophisticated cyberattacks. The platform converges networking and security across devices, apps, and environments, utilizing peer-to-peer encrypted tunnels and quantum-resistant cryptography. This ensures robust protection for endpoints, private networks, cloud environments, remote access, and containers.
Enhance Your Cybersecurity Posture: Contact Gopher Security
Protect your organization with Gopher Security's advanced cybersecurity solutions. Explore our offerings and contact us today to learn how our AI-powered, Zero-Trust architecture can safeguard your data and infrastructure. Visit https://gopher.security for more information.
