Breach taxonomy
Summary
On June 12, 2025, Aflac Incorporated identified unauthorized access to its network and contained the intrusion within hours. The company commenced a review of potentially impacted files, which contain claims information, health information, Social Security numbers, and other personal information related to customers, beneficiaries, employees, agents, and other individuals in its U.S. business. Business operations remained fully operational; systems were not affected by ransomware. Filed under Item 8.01; materiality not yet determined as of filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsData Exfil
Unauthorized access to network with review of potentially impacted files underway; company will notify affected individuals, indicating data was accessed/exfiltrated → DATA-EXFIL.
AssetsPersonal Data
Potentially impacted files contain claims information, health information, SSNs, and other personal information for customers, beneficiaries, employees, and agents → PERSONAL-DATA.
EffectsInfo Privacy Loss
Unauthorized access to PII including SSNs and health information with regulatory notifications planned; no operational disruption → INFO-PRIVACY-LOSS.
Business continuityNot Required
Filing states the company contained the intrusion within hours, business remains operational, and systems were not affected by ransomware → Not Required.
Impact
Unauthorized access to sensitive PII (SSNs, health information, claims data) for an unknown but potentially large number of individuals across a major insurer; scope of breach still under review as of filing → score 3.
InsuranceNot disclosed
Filing makes no mention of insurance → null.
Read the original SEC filing excerpt
Item 8.01 Other Events. On June 12, 2025, Aflac Incorporated, a Georgia corporation (the Company), identified unauthorized access to its network. The Company promptly initiated its cybersecurity incident response protocols and believes that it contained the intrusion within hours. The Company's business remains operational, and its systems were not affected by ransomware. The Company continues to serve its policyholders as it responds to this incident and can underwrite policies, review claims, and otherwise service customers as usual. The Company has engaged leading third-party cybersecurity experts to support the Company's response to the incident. The Company has commenced a review of potentially impacted files. That review is in its early stages. The Company is unable to determine the total number of affected individuals until that review is completed. The potentially impacted files contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in its U.S. business. The Company anticipates notifying regulators and providing appropriate notifications to individuals affected by this incident. Individuals will be offered free credit monitoring and identity theft protection services. At this time, the full scope and potential ultimate impact on the Company are not known.