Platform

RYOEX uses cTrader, a next-generation platform known for its transparency and usability. Available on PC, smartphone, and web browsers with no installation required, you can start trading anytime, anywhere.

Tools

We offer trading tools and educational content useful for both beginners and professional traders. Grow with RYOEX and aim for a better trading experience.

RYOEX supports traders worldwide and realizes trading opportunities. Feel free to contact us anytime regarding our services or trading inquiries.

Aflac breach widens to about 4.4 million, report due end-July

Aflac breach widens to 4.4 million, report due end-July

The personal data leak from unauthorized access at Aflac Life Insurance is expected to expand to about 4.4 million people, up by about 20,000 from the figure announced at the end of June. Notifications to customers will be sent out in stages, and Aflac will submit to the Financial Services Agency a report detailing the cause analysis and steps to prevent a recurrence around the end of July.

Review of the leak scope

Aflac said on June 30 that a third party had gained unauthorized access to its policyholder-only website and that customer information had leaked. The data included names, addresses, phone numbers, policy numbers and coverage details, while some also contained bank account information used for premium transfers.

An internal investigation found that the unauthorized access began on June 10, five days earlier than the initially assumed June 15. The external viewable state continued until June 25, when staff detected the anomaly and shut down the system.

Notifications and bank response

The number of affected customers has been revised to about 4.4 million from the initially estimated 4.38 million, while the number of customers whose account information was leaked has been adjusted to about 220,000 from about 230,000. Since the 10th, Aflac has begun sending notifications to customers whose data it confirmed had leaked, starting with the roughly 220,000 whose bank account information was exposed. It aims to complete notifications to all 4.4 million customers by around the end of July.

In response to the account information leak, banks are also stepping up confirmation work. One megabank asked Aflac to clarify how many of the affected customers were its own clients. It plans to continue confirming the situation, including identifying account holders. Another megabank is also continuing transaction monitoring for signs of unauthorized use.

While bank account numbers alone do not immediately enable fraudulent withdrawals, the risk of secondary damage rises if an attacker can also guess PINs or obtain online banking passwords.

Cause investigation and FSA response

Aflac has set up a crisis response headquarters reporting directly to the president and is working to identify the cause with outside cybersecurity experts. According to people familiar with the matter, the attacker is believed to have stolen the IDs and passwords of multiple customers by some means and accessed the dedicated website by impersonating policyholders. However, the individual or group involved has not been identified.

With the spread of advanced AI such as U.S. startup Anthropic's 'Mythos', concerns have been raised that criminal groups could exploit undisclosed vulnerabilities. Even so, people involved in the probe believe the recent unauthorized access was 'unlikely to have used AI and was a classic method.'

On June 30, the Financial Services Agency issued an order demanding a report under the Insurance Business Act. Aflac plans to submit a report around the end of July summarizing the cause analysis and measures to prevent recurrence.

Cyberattacks on financial institutions

Cyberattacks targeting domestic financial institutions have been increasing recently. Since around March 2025, a series of fraudulent stock trades through account takeovers has hit multiple securities firms. Criminal groups stole IDs and passwords through phishing and other means, then impersonated customers to profit from market manipulation. Companies are advancing countermeasures, including making authentication using passkeys, which generate cryptographic keys on the device, mandatory.

In June 2025, Sompo Japan Insurance said it had suffered unauthorized access from outside and that information on about 17.5 million contracts and related records may have been viewed. The target was a system that exchanges information with sales agents. After receiving a report order from the FSA, Sompo Japan compiled measures to prevent a recurrence and made additional investments such as introducing multilayered defenses. The system hit by the unauthorized access remains shut down.

Enjoyed this article? Share it with your network!