In an update published in December, Aflac said the compromised files contained information tied to customers, beneficiaries and employees. The data may have included contact details, claims records, health insurance information and Social Security numbers — a combination that significantly increases the risk of identity theft if misused.
The company said it detected and contained the attack within hours, launched an investigation and began notifying affected individuals shortly after. On its website, Aflac now hosts a detailed PDF explaining what support is available and what steps customers should take in the coming months.
Free protection services rolled out
To reassure those affected, Aflac is offering 24 months of complimentary CyEx cybersecurity services, which include credit monitoring, identity theft alerts and tools to protect medical information. These services are intended to help customers spot suspicious activity early — particularly unusual attempts to open new bank accounts, credit lines or medical claims in their name.
In a statement, Aflac emphasized that — as of now — the company has not identified evidence of fraudulent use of any stolen data. “Along with third-party partners, we will continue to monitor any potential activity,” the company said. A spokesperson told CNET there were no further comments beyond the published update.
A growing target for cybercriminals
Breaches at insurance companies and health-related organizations are especially troubling. These businesses hold large volumes of highly sensitive data that criminals can monetize in multiple ways — from filing fake claims to crafting convincing phishing attacks or selling identity profiles on underground markets.
Experts warn that even when stolen records do not appear immediately in scams, they may resurface months or years later. That’s why regulators increasingly urge companies to strengthen cybersecurity defenses and maintain transparency when incidents occur.
What affected customers can do
Security professionals recommend several practical steps for anyone caught up in a breach like this one:
- Freeze or lock your Social Security number, where possible, to prevent new credit accounts from being opened.
- Use strong, unique passwords and enable two-factor authentication on banking, email and insurance portals.
- Stay alert to phishing messages that reference insurance, claims or refunds — even if they appear to come from familiar brands.
- Regularly review credit reports and medical statements for unfamiliar entries.
Aflac’s own guidance mirrors these recommendations and encourages customers to enroll in the free monitoring services as soon as possible.
Rebuilding trust
For Aflac, the disclosure underscores the delicate balance between reassuring customers and acknowledging the seriousness of the exposure. While the company has tried to downplay the immediate impact, critics note that long-term risks remain — especially when Social Security numbers are involved.
The incident also highlights a broader reality: from insurers and hospitals to retailers and financial services, nearly every organization that handles consumer data is now a potential target. And for consumers, vigilance has become part of everyday life.
For millions of Aflac customers, the coming months will be about watching carefully, responding quickly to any suspicious signs — and hoping that proactive safeguards are enough to keep their identities safe.
