Aflac Cyberattack Exposes Customer Data in Sophisticated Breach
What Happened?
Hackers infiltrated Aflac’s U.S. network on June 12, 2025, gaining access to sensitive customer data in a targeted cyberattack. Aflac, a major provider of accident, life, and health insurance, confirmed the breach on Friday and identified the threat actors as a “sophisticated cybercrime group.”
The attackers used social engineering tactics to manipulate individuals and gain access to internal systems. Aflac’s cybersecurity team detected suspicious activity and shut down the intrusion within hours. The company stated that ransomware did not play a role in the incident.
This breach is part of a broader cybercrime campaign aimed at the insurance industry. Erie Insurance and Philadelphia Insurance Companies also suffered similar attacks earlier this month.
What Information Did Hackers Access?
While Aflac has not yet determined the full scope of the breach, it acknowledged that attackers may have accessed:
- Full names
- Contact details (addresses, phone numbers)
- Social Security numbers (SSNs)
- Health and medical claims data
- Insurance policy information
Cybersecurity investigators are currently reviewing potentially impacted files to assess the damage.
How Did Hackers Pull Off the Attack?
The hackers bypassed technical defenses by using social engineering—tricking someone inside Aflac’s organization into granting access. After identifying the breach, Aflac’s internal security team activated its incident response plan and quickly contained the threat.
Aflac hired third-party cybersecurity experts to conduct a full investigation and ensure the attackers no longer have access to the network.
What Can Criminals Do with This Data?
The type of data exposed in this breach allows criminals to carry out a range of malicious activities:
Identity Theft
Cybercriminals can use SSNs and birthdates to open credit lines, apply for loans, or commit tax fraud.
Health Insurance Fraud
Bad actors can submit fraudulent medical claims or misuse policyholder information for financial gain.
Phishing and Scams
With names, addresses, and health plan details, attackers can craft convincing phishing messages that impersonate Aflac or healthcare providers.
How Has Aflac Responded?
Aflac confirmed that its business operations remain fully functional. Customers can continue to file claims, purchase policies, and receive support without interruption.
To protect affected customers, Aflac is offering:
- Free credit monitoring
- Identity theft protection
- Medical Shield services for 24 months
Aflac also opened a dedicated support line at 1-855-361-0305. Customers can call Monday through Friday from 9 a.m. to 9 p.m. EST, Saturday from 9 a.m. to 5:30 p.m., and Sunday from 10 a.m. to 4 p.m. The call center will remain active through the end of June.
In its public statement, Aflac said:
“We continue to serve our customers as we respond to this incident. We took immediate action to stop the intrusion and launched a full investigation.”
How OptMsg Helps You Stay Secure
Advanced Email Filtering
OptMsg blocks phishing and scam emails before they reach your inbox, protecting you from attackers posing as insurance providers or government agencies.
Encrypted Messaging
OptMsg encrypts your private conversations to prevent unauthorized access.
Privacy by Design
OptMsg never sells or shares your data. Its tools are built from the ground up with your privacy in mind.
What Should You Do If You’re Affected?
- Review your medical and financial accounts for unusual activity
- Place a fraud alert or freeze your credit reports with major bureaus
- Avoid clicking links or answering calls from unknown sources pretending to represent Aflac
- Use OptMsg to communicate securely and protect your personal information
- Take advantage of Aflac’s free protection services
Helpful Links:
Why This Matters
Even though Aflac acted quickly to contain the breach, the exposure of medical and personal data leaves customers vulnerable to long-term risks. With cyberattacks on insurers increasing in frequency and sophistication, now is the time to take digital privacy seriously.
Protect yourself from identity theft and scams—switch to OptMsg for privacy-first communication that puts your security first.
