American insurance behemoth **Aflac** (American Family Life Assurance Company) has revealed a significant data breach affecting its operations in Japan. The incident, disclosed in a recent **U.S. Securities and Exchange Commission (SEC)** filing, saw unauthorized third parties infiltrate **Aflac Japan**'s systems, leading to the theft of sensitive customer information. According to the **SEC** filing, **Aflac Japan** discovered the unlawful access on June 25, 2026, with the intrusion occurring between June 15, 2026, and June 25, 2026. Upon detection, **Aflac Japan** swiftly initiated containment measures, including the suspension of certain systems, to prevent further compromise. Despite these actions, the company confirms that policyholders continue to be served. ### Compromised Data and Regulatory Response The ongoing investigation, supported by external cybersecurity experts, has confirmed that the attackers accessed files containing policy and coverage details, personal information, and bank account information. **Aflac Japan** has notified the **Japan Financial Services Agency** and other relevant authorities. Affected individuals will receive appropriate notifications regarding the breach. **Aflac** has clarified that this incident is confined to its Japanese systems, and its U.S. business operations were not impacted. ### A Recurring Challenge This is not the first time **Aflac** has faced a data breach. Just a year prior, the company disclosed another incident amidst a wave of attacks targeting insurance providers across the United States. While that breach was not officially attributed, it bore the hallmarks of attacks carried out by the notorious threat group **Scattered Spider**. **Scattered Spider**, also known by monikers such as **0ktapus**, **UNC3944**, **Scatter Swine**, **Starfraud**, and **Muddled Libra**, has a history of targeting major organizations. They have been linked to breaches at **Erie Insurance** and **Philadelphia Insurance Companies (PHLY)**, and have collaborated with ransomware operations like **Qilin**, **RansomHub**, and **DragonForce**. Their extensive list of victims includes prominent names such as **MGM Resorts**, **DoorDash**, **Caesars**, **MailChimp**, **Twilio**, **Coinbase**, **Riot Games**, and **Reddit**. The full scope and ultimate financial impact of the current **Aflac Japan** breach remain under investigation.