Aflac, one of the largest American insurance companies, reported that cybercriminals breached its systems on June 20, 2025. Suspicious activity first occurred on Aflac’s U.S. network on June 12, and Aflac initiated its incident response plan to contain the spread of the cyber attack within several hours. At the time of this writing, Aflac’s investigation is still in the early stages, and the insurance giant hasn’t reported on how many of its customers were affected.
Continue reading to learn more key facts about the Aflac cyber attack, its broader impact and what the insurance industry can learn from it.
What you should know about the Aflac cyber attack
- Aflac filed a report with the United States Securities and Exchange Commission regarding the detection of unauthorized activity in its U.S. network on June 20.
- While hackers accessed Aflac’s U.S. systems, the company remained operational and says that its systems were not impacted by ransomware.
- Based on recent cyber attacks on other U.S. insurance companies and the social engineering tactics used, the hacking group responsible for Aflac’s cyber attack is most likely Scattered Spider.
- Although Aflac says it does not currently know how many customers were affected by the cyber attack, the potentially impacted files may contain medical information, Social Security Numbers (SSNs) and Personally Identifiable Information (PII) related to American customers, employees and beneficiaries.
- Aflac will provide complimentary credit monitoring and identity theft protection services to any affected individuals.
The impact of the Aflac cyber attack
The cyber attack that Aflac suffered is not an isolated incident within the insurance industry. Due to the amount of sensitive data these organizations have access to, insurance companies are frequently targeted by advanced cyber threats. In this incident, Aflac responded quickly by containing the breach within hours. However, PII was reportedly accessed, causing concern among customers, employees and individuals associated with Aflac. Even though Aflac is offering credit monitoring and identity theft protection to impacted customers, the damage to its reputation may be long-lasting.
What the insurance industry can learn from the Aflac cyber attack
In light of the high number of cyber attacks targeting insurance companies, the recent Aflac breach should serve as a wake-up call for insurers. Here are three key lessons the insurance industry should keep in mind:
Prioritize employee training against social engineering tactics
The cybercrime group responsible for the Aflac cyber attack successfully used social engineering tactics to trick employees and gain unauthorized access. This incident highlights how crucial it is for insurance companies to conduct regular cybersecurity awareness training, run phishing tests and enforce strict access controls. Solutions like KnowBe4 offer training programs that help organizations strengthen their defenses against social engineering and various types of cyber threats. Because human error is one of the most common causes of data breaches, all employees must stay aware of suspicious activity.
Strengthen oversight of third-party vendors
Third-party vendors are easy entry points for cybercriminals. Aflac’s cyber attack reinforces the risks created by interconnected systems, especially when vendors are not properly vetted or monitored. Insurers need to audit their entire supply chain and segment sensitive systems to minimize potential data exposure.
Dedicate time to create a strong incident response plan
When a company detects unauthorized access, it’s important to act quickly and be prepared. Aflac was able to detect and contain its breach within hours, which helped limit the damage. Other insurers can learn from this by investing in real-time threat detection tools and creating an incident response plan to prepare for future cyber threats.
Protect your company from cyber attacks
With a rise in cyber threats targeting the insurance industry, insurers must be proactive and take a multi-layered approach to their cybersecurity measures. Insurers should invest in employee training, secure third-party vendor access and develop a detailed incident response plan. In addition, insurers should use a trusted password manager and Privileged Access Management (PAM) solution like Keeper®. By using KeeperPAM, insurers can enforce strong password hygiene, enable zero-trust access and monitor privileged access across an organization.
Request a demo of KeeperPAM today to reduce the risk of breaches caused by human error and protect your insurance company from evolving threats.