fintech · BleepingComputer
Aflac, a Fortune 500 supplemental insurance provider, disclosed a data breach affecting its Japan subsidiary on June 30, 2026. Threat actors gained unauthorized access to Aflac Japan's systems between June 15 and June 25, 2026, affecting 4.38 million customers. The attackers accessed files containing policy details, personal information, and bank account information. Aflac Japan contained the incident by suspending certain systems and notified Japanese financial authorities and affected individuals. The company stated that U.S. business systems were not accessed and the full scope of the incident remains under investigation with external cybersecurity experts.
For Omniware's clients in regulated industries, this incident underscores the importance of segmented network architecture and rapid incident response protocols. Healthcare providers and fintechs subject to HIPAA and compliance frameworks must ensure that subsidiary or regional operations maintain equivalent security postures and monitoring controls. Insurance companies managing sensitive personal and financial data should review their SOC2 and NIST 800-171 controls around system access logging, data classification, and incident containment procedures. An Omniware engagement can scope the applicability of these controls and third-party audit requirements for subsidiary breaches.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/insurance-giant-aflac-discloses-data-breach-after-subsidiary-hack/
Source: BleepingComputer
All briefings