Aflac Company Cyber Security Posture
aflac.comOver 50 Million people worldwide have chosen Aflac because of our commitment to providing customers with the confidence that comes from knowing they have assistance in being prepared for whatever life may bring. With Aflac, whether you're a large business or a small one, you can provide your employees with the kind of benefits theyโd expect from a bigger company, helping your business stand out from the crowd. Hundreds of thousands of businesses across the United States already make Aflac available to their employeesโat no direct cost to their company. Choose from a wide range of products that can help your employees with health eventsโfrom accidents, to disability, to cancer, to life insurance. Your employees enjoy benefits from Aflac, all employee-paid. Please check out aflac.com for more information.
Aflac Company Details
aflac
18219 employees
158635.0
524
Insurance
aflac.com
39
AFL_9850231
In-progress
Aflac Risk Score (AI oriented)Between 600 and 700
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Aflac Global Score.png)
Aflac Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 600 and 700 |
Aflac Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Aflac | Breach | 50 | 4 | 05/2018 | AFL17551822 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Aflac insurance company has encountered a breach of personal data that has exposed the email accounts belonging to a small number of independent contractor sales agents. Clients' personal information such as names, addresses, dates of birth, policy numbers, social security numbers, and bank account information may have been exposed. The unauthorized access to email accounts happened between Jan. 17 and April 2. The company took immediate action by resetting passwords, isolating specific email accounts and contacting the affected insurance agents. Aflac has stated that they are unaware of any misuse of personal or health information at this time. | |||||||
| Aflac | Breach | 85 | 4 | 6/2025 | AFL600062025 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Aflac, the largest supplemental insurance provider in the U.S., disclosed a breach where attackers may have stolen personal and health information. The network was not affected by ransomware, but sensitive information related to customers, beneficiaries, employees, agents, and other individuals was potentially exposed. The breach was part of a broader campaign targeting insurance companies by a sophisticated cybercrime group, possibly Scattered Spider. | |||||||
Aflac Company Subsidiaries
Over 50 Million people worldwide have chosen Aflac because of our commitment to providing customers with the confidence that comes from knowing they have assistance in being prepared for whatever life may bring. With Aflac, whether you're a large business or a small one, you can provide your employees with the kind of benefits theyโd expect from a bigger company, helping your business stand out from the crowd. Hundreds of thousands of businesses across the United States already make Aflac available to their employeesโat no direct cost to their company. Choose from a wide range of products that can help your employees with health eventsโfrom accidents, to disability, to cancer, to life insurance. Your employees enjoy benefits from Aflac, all employee-paid. Please check out aflac.com for more information.
Access Data Using Our API
Get company history
Rapid.png)
Aflac Cyber Security News
Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry
The breach marks the latest in a series of recent attacks linked to cybercrime group Scattered Spider.
Aflac Incorporated Discloses Cybersecurity Incident
This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of aย ...
Aflac Discloses Cybersecurity Incident, Customer Data Potentially Exposed Amid Industry-Wide Attacks
Insurance giant Aflac Incorporated has confirmed it was hit by a cybersecurity breach this month, making it one of the latest casualties in aย ...
Cybercriminals breach Aflac as part of hacking spree against US insurance industry
Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information,ย ...
What the Aflac cybersecurity breach means for customers and how to get free help
A cybersecurity breach of Aflac's computer network โpotentially impactedโ private information of an unclear number of customers,ย ...
Aflac discloses cybersecurity incident
Aflac said Friday that it experienced a cybersecurity incident last week that may have impacted files containing social security numbers,ย ...
Aflac says hackers may have stolen customers' claims info, including Social Security numbers
Aflac on Friday said hackers have gained access to its customers personal information in a cybersecurity attack last week. The company, whichย ...
Aflac discloses cybersecurity incident
Aflac disclosed that it identified suspicious activity on its U.S. network on June 12, 2025, prompting the company to activate its cyberย ...
Aflac says it's investigating a cyberattack amid hacking spree targeting insurance companies
The U.S. insurer said hackers may have stolen sensitive personal information from some customers.
Aflac Similar Companies
Aditya Birla Sun Life Insurance
Established in 2000, Aditya Birla Sun Life Insurance Company Limited (formerly Birla Sun Life Insurance Company Limited) is a joint venture between the Aditya Birla Group, a well known and trusted name globally amongst Indian conglomerates and Sun Life Financial Inc, leading international financial
Unum
Since our founding in 1848, Unum has been a leader in the employee benefits business through innovation, integrity and an unwavering commitment to our customers. This simple philosophy has guided us through Americaโs fledgling insurance landscape and helped us become an international leader in finan
QBE Insurance
QBE is an international insurer and reinsurer listed on the Australian Securities Exchange and headquartered in Sydney. We employ over 13,000 people in 26 countries. Leveraging our deep expertise and insights, QBE offers commercial, personal and specialty products and risk management solutions to h
State Life Insurance Pakistan
The Life Insurance Business in Pakistan was nationalized in March 1972. Initially, the Life Insurance business of 32 Insurance Companies was merged and placed under three Beema Units named โAโ, โBโ and โCโ Beema Units. However, later these Beema Units were merged, and effective November 1, 1972, the
GEICO
GEICO (Government Employees Insurance Company) offers a variety of insurance such as vehicle, property, business, life, umbrella, travel, pet, jewelry and more. The company, which was founded in 1936, is the third-largest auto insurer in the United States and insures vehicles in all 50 states an
Humana
Humana will never ask, nor require a candidate to provide money for work equipment and network access during the application process. If you become aware of any instances where you as a candidate are asked to provide information and do not believe it is a legitimate request from Humana or affiliate,
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Aflac CyberSecurity History Information
How many cyber incidents has Aflac faced?
Total Incidents: According to Rankiteo, Aflac has faced 2 incidents in the past.
What types of cybersecurity incidents have occurred at Aflac?
Incident Types: The types of cybersecurity incidents that have occurred incidents Breach.
How does Aflac detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through incident response plan activated with True and third party assistance with True and containment measures with Stopped the intrusion within hours and containment measures with resetting passwords, isolating specific email accounts and communication strategy with contacting the affected insurance agents.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Aflac Data Breach
Description: Aflac disclosed a data breach where personal and health information may have been stolen by attackers targeting insurance companies across the United States.
Type: Data Breach
Attack Vector: Sophisticated cybercrime campaign
Threat Actor: Scattered Spider, 0ktapus, UNC3944, Scatter Swine, Starfraud, Muddled Libra
Motivation: Data theft
Incident : Data Breach
Title: Aflac Insurance Company Data Breach
Description: Aflac insurance company has encountered a breach of personal data that has exposed the email accounts belonging to a small number of independent contractor sales agents. Clients' personal information such as names, addresses, dates of birth, policy numbers, social security numbers, and bank account information may have been exposed. The unauthorized access to email accounts happened between Jan. 17 and April 2. The company took immediate action by resetting passwords, isolating specific email accounts and contacting the affected insurance agents. Aflac has stated that they are unaware of any misuse of personal or health information at this time.
Date Detected: 2023-01-17
Date Resolved: 2023-04-02
Type: Data Breach
Attack Vector: Unauthorized Access to Email Accounts
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach AFL600062025
Data Compromised: Claims information, Health information, Social security numbers, Other personal information
Incident : Data Breach AFL17551822
Data Compromised: names, addresses, dates of birth, policy numbers, social security numbers, bank account information
Systems Affected: Email Accounts
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Claims information, Health information, Social security numbers, Other personal information, personal information and health information.
Which entities were affected by each incident?
Incident : Data Breach AFL600062025
Entity Type: Insurance Company
Industry: Insurance
Location: United States
Size: Fortune 500
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Breach AFL600062025
Incident Response Plan Activated: True
Third Party Assistance: True
Containment Measures: Stopped the intrusion within hours
Incident : Data Breach AFL17551822
Containment Measures: resetting passwords, isolating specific email accounts
Communication Strategy: contacting the affected insurance agents
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach AFL600062025
Type of Data Compromised: Claims information, Health information, Social security numbers, Other personal information
Sensitivity of Data: High
Data Exfiltration: True
Personally Identifiable Information: True
Incident : Data Breach AFL17551822
Type of Data Compromised: personal information, health information
Sensitivity of Data: High
Personally Identifiable Information: names, addresses, dates of birth, policy numbers, social security numbers, bank account information
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through were Stopped the intrusion within hours, resetting passwords and isolating specific email accounts.
Ransomware Information
Was ransomware involved in any of the incidents?
Incident : Data Breach AFL600062025
Data Exfiltration: True
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident?
Incident : Data Breach AFL600062025
Regulatory Notifications: U.S. Securities and Exchange Commission (SEC)
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents?
Incident : Data Breach AFL600062025
Recommendations: Pay particular attention to potential social engineering attempts on help desks and call centers
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Pay particular attention to potential social engineering attempts on help desks and call centers.
References
Where can I find more information about each incident?
Incident : Data Breach AFL600062025
Source: BleepingComputer
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BleepingComputer.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through was contacting the affected insurance agents.
Post-Incident Analysis
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Scattered Spider, 0ktapus, UNC3944, Scatter Swine, Starfraud and Muddled Libra.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2023-01-17.
What was the most recent incident resolved?
Most Recent Incident Resolved: The most recent incident resolved was on 2023-04-02.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Claims information, Health information, Social security numbers, Other personal information, names, addresses, dates of birth, policy numbers, social security numbers and bank account information.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Email Accounts.
Response to the Incidents
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Stopped the intrusion within hours, resetting passwords and isolating specific email accounts.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Claims information, Health information, Social security numbers, Other personal information, names, addresses, dates of birth, policy numbers, social security numbers and bank account information.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Pay particular attention to potential social engineering attempts on help desks and call centers.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is BleepingComputer.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
