What the Aflac cybersecurity breach means for customers and how to get free help
A cybersecurity breach of Aflac’s computer network “potentially impacted” private information of an unclear number of customers, the Columbus-based supplemental insurance company announced Friday.
“It is important to note that the review is in its early stages, and we are unable to determine the total number of affected individuals until that review is completed,” the news release says.
Regardless of that number, Aflac said the exposed files could contain claims information, health information, Social Security numbers “and/or other personal information related to customers, beneficiaries, employees, agents and other individuals in our U.S. business.”
Aflac communications chief Ines Gutzmer told the Ledger-Enquirer it could take months to determine the number of customers who had their private data exposed and which customers.
“Forensics, which is what you do when you have a data incident, takes quite some time,” she said.
Gutzmer declined to estimate that number.
“You can talk to any cybersecurity leading company, and they will tell you that it takes a long time because there’s a lot of different tables you need to look at,” she said.
Aflac has more than 50 million customers worldwide, according to its LinkedIn account. The majority of Aflac’s customers are in Japan, but it is ranked No. 222 on the latest Fortune 500 list of U.S. companies generating the most revenue ($18.9 billion with 12,700 employees).
How the Aflac cybersecurity breach happened
On June 12, Aflac identified suspicious activity on its computer network in the United States, according to the company.
“We promptly initiated our cyber incident response protocols and stopped the intrusion within hours,” the news release says. “Importantly, our business remains operational, and our systems were not affected by ransomware. We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual.”
The breach at Aflac is part of a hacking spree against the U.S. insurance industry, CNN reported Friday
“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,” Aflac’s news release says.
How Aflac is responding to its cybersecurity breach
Third-party cybersecurity experts are helping Aflac respond, the company said.
“While the investigation remains in its early stages, in the spirit of transparency and care for our customers, we are sharing that our preliminary findings indicate that the unauthorized party used social engineering tactics to gain access to our network,” the news release says.
How Aflac is helping customers after its cybersecurity breach
While the company tries to determine which customers are affected by this cybersecurity breach, Aflac is offering “any individual who contacts our dedicated call center free credit monitoring and identity theft protection and Medical Shield for 24 months,” the news release says.
The phone number for Aflac’s call center established to handle customer concerns about this cybersecurity breach is 855-361-0305. It will be open Mondays through Fridays from 9 a.m. to 9 p.m. EDT and Saturdays from 9 a.m. to 5:30 p.m. EDT until the situation is resolved, Gutzmer said, plus Sundays from 10 a.m. to 4 p.m. EDT through the end of this month to handle the first wave of calls.
Although any customer concerned about the status of their private data may contact the call center, Gutzmer said, Aflac will contact each customer if the company determines their information was compromised.
“There’s a legal notification that we have to send to every single customer that has been impacted,” she said. “. . . We will provide notice in a timely manner based on each state law.”
“We regret that this incident occurred,” the news release says. “We will be working to keep our stakeholders informed as we learn more and continue investigating the incident.”
This story was originally published June 20, 2025 at 1:42 PM.
