Aflac Data Breach Affects PII and PHI of Millions

Aflac Incorporated, a major supplier of supplemental health insurance, experienced a major data breach. Aflac discovered suspicious activity on its network on June 12, 2025, and determined the breach was the result of a cyberattack.

Aflac reported the data breach in a press release on June 20, 2025. The cybersecurity incident may have compromised both personally identifiable information (PII) and protected health information (PHI).

Alfac has launched an investigation to determine the exact number of individuals the data breach affected. Exposed information may include claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and others involved in Aflac's U.S. business.

Aflac's response

In addition to the press release, Aflac will issue state and federal disclosures as required by law. Aflac is working to identity all affected customers and employees, and will notify all impacted individuals.

While Aflac conducts its investigation and review of the compromised data files, it is offering 24 months of free credit monitoring, identity theft protection, and Medical Shield.

Individuals that believe they may be affected by the Aflec data breach can sign up for the free services by calling 1-855-361-0305 Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time, Saturday from 9:00 a.m. to 5:30 p.m. Eastern Time and Sundays from 10:00 a.m. to 4:00 p.m. Eastern Time until the end of June.

If you believe your personal information may have been compromised in the Aflac breach:

• Carefully review any notice or communication you receive from Aflac.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

To learn more about the insurance company, visit the Aflec website.