Aflac Update Regarding Cybersecurity Incident

This past Friday, June 20^th, Aflac publicly disclosed a cyber security incident. While it is unfortunate that this has occurred, we want to provide you with a clear picture of what we know now, what it means for you, and what we are doing to support our partners, customers and other key stakeholders as we work to respond to and navigate this incident.

What Happened

Aflac recently detected suspicious activity on its network. Upon detection, we promptly took steps to contain the activity and launched an investigation with the support of third-party experts. While it is unfortunate that this has occurred, we want to let you know what it means for you and what we are doing to support customers as we work diligently to respond to and navigate this incident.

Our Response and Investigation 

First, due to the rapid response of our team, our systems were not affected by ransomware and the intrusion was contained within hours, which allowed our business operations to remain uninterrupted – we are continuing to serve you as we were prior to this incident. In the spirit of transparency and care for our customers, it is important that you know we are here for you and the continuity of service you have come to expect from Aflac remains unchanged at this time.

Second, the investigation remains in its early stages. At this time, we have not confirmed the extent of unauthorized activity, potentially impacted data, or the customers or other individuals impacted. We have commenced a review of potentially impacted files. It is important to note that the review is in its early stages, and we are unable to determine the total number of affected individuals until that review is completed. The potentially impacted files may contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in its U.S. business. Based on intelligence coming from the cybersecurity community, we have been told that this incident may be part of a broader series of cyber-attacks targeting the insurance industry.

We regret that this has occurred, and regret any distress this news may cause to you. As the investigation into this incident is in its early stages, it will be some time before that review is complete. Should we determine that your specific personal information was impacted, we will notify you at a later date in accordance with applicable law.

How to Protect Yourself

However, we want to provide our customers with support now. We've established a dedicated call center to answer questions you may have. Although we do not yet know whether your personal information was potentially impacted, out of an abundance of caution, we are offering any individual who contacts our dedicated call center free credit monitoring and identity theft protection for 24 months. The call center can be reached at 1-855-361-0305 starting on June 20 at 8:00 a.m. Eastern Time. The call center will be available Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time, Saturday from 9:00 a.m. to 5:30 p.m. Eastern Time and Sunday from 10:00 a.m. to 4:00 p.m. Eastern Time, excluding major U.S. holidays.