Aflac Cyberattack Highlights Rising Insurance Industry Cybersecurity Challenges
On June 12, 2025, Aflac Incorporated, a leading U.S. supplemental health insurance provider, detected and contained a cybersecurity intrusion on its U.S. network within hours. The company confirmed that its business operations, including policy underwriting and claims processing, were not disrupted and that no ransomware affected its systems. This incident reflects a broader trend of sophisticated cyberattacks targeting the insurance sector by organized cybercrime groups.
Aflac engaged third-party cybersecurity experts to aid in investigating the breach, which preliminary findings suggest resulted from social engineering tactics used to gain unauthorized network access. The investigation remains ongoing, with an initial review identifying potentially impacted files containing sensitive data such as claims information, health records, Social Security numbers, and other personal information belonging to customers, beneficiaries, employees, and agents within Aflac's U.S. operations.
In response, Aflac has established a dedicated call center and is offering affected individuals free credit monitoring, identity theft protection, and Medical Shield coverage for 24 months. The call center operates Monday through Friday from 9 a.m. to 9 p.m. ET, Saturday from 9 a.m. to 5:30 p.m. ET, and Sunday from 10 a.m. to 4 p.m. ET through the end of June 2025.
This cyber incident underscores the continuing cybersecurity risks faced by insurance companies, emphasizing the importance of vigilance and rapid response protocols within the industry. Aflac has committed to maintaining transparency and keeping stakeholders informed as its investigation progresses. The company also highlights its long-standing market position and corporate responsibility credentials, including recognition for ethical practices and sustainability commitments.
For U.S. insurance professionals, this event highlights critical compliance and risk management considerations amid a complex cyber threat landscape. It also demonstrates the potential operational impacts and reputational risks associated with breaches involving sensitive personal and health information. Proactive cybersecurity measures, prompt incident response, and comprehensive customer support mechanisms remain essential components of effective risk mitigation in the insurance sector.