Breach taxonomy
Summary
On June 12, 2025, Aflac Incorporated identified unauthorized access to its network and contained the intrusion within hours. The company commenced a review of potentially impacted files, which contain claims information, health information, Social Security numbers, and other personal information related to customers, beneficiaries, employees, agents, and other individuals in its U.S. business. Business operations remained fully operational; systems were not affected by ransomware. Filed under Item 8.01; materiality not yet determined as of filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsData Exfil
Unauthorized access to network with review of potentially impacted files underway; company will notify affected individuals, indicating data was accessed/exfiltrated → DATA-EXFIL.