Industry - Data Breach
Executive Summary
Insurance companies Aflac and Zurich disclosed that approximately 2 million Japanese customers had their personal information compromised after a third-party US subcontractor was breached, with hackers posting the stolen data for sale online. Aflac reported that 1.3 million cancer insurance customers' data was exposed, including age, gender, policy numbers and coverage amounts, while Zurich confirmed 760,000 auto insurance customers had names, birth dates, email addresses and vehicle informat...
What Happened
Insurance companies Aflac and Zurich disclosed that approximately 2 million Japanese customers had their personal information compromised after a third-party US subcontractor's server was breached. Aflac reported that 1.3 million cancer insurance customers had data exposed including age, gender, policy numbers, and coverage amounts, while Zurich confirmed 760,000 auto insurance customers had names, birth dates, email addresses, policy numbers, and vehicle information compromised. The stolen data was subsequently posted for sale on an information leak site by hackers.
Who Is Affected
Approximately 2 million Japanese insurance customers are affected - 1.3 million Aflac cancer insurance policyholders and 760,000 Zurich auto insurance policyholders. The breach appears limited to customers in Japan and does not impact policyholders in other regions where these insurers operate. The exposed personal information varies by insurer but includes policy details, demographic data, and in Zurich's case, vehicle information and contact details.
Why It Matters
This incident demonstrates the cascading privacy risks created by third-party vendors and subcontractors, where a single breach can expose millions of customers across multiple organizations. The public posting of stolen data for sale significantly increases the risk of identity theft, targeted phishing, and insurance fraud against affected individuals. The breach underscores how customers have limited control over their data once it enters complex supply chains involving companies they never directly engaged with.
What You Should Do
If you are an Aflac or Zurich policyholder in Japan, monitor your accounts closely for unauthorized changes and watch for targeted phishing attempts referencing your policy details. Be skeptical of any unsolicited communications claiming to be from your insurer, and verify requests by contacting the company directly through official channels rather than responding to emails or calls. Consider placing fraud alerts with credit bureaus and reviewing your insurance statements for any suspicious activity or policy modifications you did not authorize.
Summary generated from verified sources and reviewed before publication. How we summarize.