An insurance giant just leaked 4.38 million records while no one was looking for 11 days


Advertisements

TOKYO, Japan (June 2026) — A single user spent 11 days quietly sifting through millions of private insurance records before anyone noticed a thing. This massive breach at Aflac Life Insurance Japan exposed the personal information of approximately 4.38 million policyholders after an unauthorized party gained access to the policyholder website and related systems.

The intrusion went undetected from June 15 until June 25, when a sudden spike in processing load on the customer site finally flagged the suspicious activity. By the time the company disclosed the incident on June 30, 2026, the leaked data already included names, addresses, phone numbers, and birth dates.

Beyond basic contact info

The damage extends to policy numbers and coverage details for millions of customers. More concerning is the theft of bank account information for roughly 230,000 policyholders. Contact details for about 40,000 sales agents were also compromised during the 11-day window.

Identity as the new target

Security experts suggest this incident highlights a shift in how hackers operate. Takanori Nishiyama, senior vice president for Asia Pacific at Keeper Security, noted that large-scale breaches often stem from the misuse of legitimate access rather than forced entry.

Citing the 2026 Verizon Data Breach Investigations Report, Nishiyama pointed out that credential abuse is now present in 39 percent of breaches. For organizations holding sensitive data, identity has become the primary target for attackers.

A growing problem in the region

The trend is not limited to Japan. While Japan’s Personal Information Protection Commission saw a 57 percent record high in incident reports for the fiscal year ending March 2025, costs are rising across the board.

The 2025 IBM Cost of a Data Breach Report estimated the average breach across ASEAN economies at .67 million (approx. PHP 212.8 million). This represents a 14 percent rise to a record high for the region, a trend that directly impacts Pinoy businesses and organizations.

To combat these risks, experts recommend adopting zero-trust principles and real-time session monitoring. By securing privileged accounts, organizations can turn a nearly two-week intrusion into something detected within hours.


What's Your Reaction?

Wakeke Wakeke
0
Wakeke
BULOK! BULOK!
0
BULOK!
Aww :( Aww :(
0
Aww :(
ASTIG! ASTIG!
0
ASTIG!
AMP#*@! AMP#*@!
0
AMP#*@!
Nyeam! Nyeam!
0
Nyeam!
ASTIG PR