Recently, Aflac—one of the largest insurance companies in the U.S.—reported a data breach. This means that someone broke into their systems without permission and may have taken personal information about customers.
We’re sharing this to help you understand what happened, why it matters, and what you can do to protect yourself.
What Happened
Aflac says that on June 12, cybercriminals accessed their U.S. systems. The company quickly stopped the attack within a few hours. However, during that time, hackers may have accessed sensitive information, such as:
- Social Security numbers (SSNs)
- Health records
- Insurance claims
- Contact information
Aflac is now offering 24 months of free identity protection services to help people who may have been affected by asking them to contact their call center.
Why This Matters
Your personal information—like your Social Security number or health records—is very valuable to criminals. They can use it to:
- Open new accounts in your name
- File fake tax returns
- Commit medical or insurance fraud
- Trick you into giving up more information (a tactic known as phishing)
Even if your data hasn’t been used yet, taking action now can help you avoid problems later.
What You Can Do Right Now
Here are six steps you can take to protect your identity and personal information:
- Sign Up for Identity Protection
If Aflac or another company offers it for free, use it. These services can monitor your credit, alert you to fraud, and help you recover if something goes wrong. - Freeze Your Credit
A credit freeze prevents criminals from opening new accounts in your name. It’s free and easy to do at all three major credit bureaus:- Equifax
- Experian
- TransUnion
- Use Strong Passwords and MFA
Don’t reuse passwords. Create a strong, unique password for each account. Turn on MFA wherever possible to add extra protection. - Check Your Credit and Bank Accounts
Watch for any charges you didn’t make or new accounts you didn’t open. You can get a free credit report from each bureau once a year at AnnualCreditReport.com. - Be Careful with Emails and Phone Calls
Scammers often contact people after breaches. Don’t click on links in suspicious emails or give out personal information unless you’re sure who you’re talking to. - Report Any Problems Immediately
If you think someone is misusing your information, report it at IdentityTheft.gov. They’ll help you create a recovery plan and walk you through the steps.
What Is MFA (Also Called 2FA)?
Multi-factor authentication (MFA), also known as two-factor authentication (2FA), adds a second step when logging into your online accounts. After entering your password, you must also confirm your identity in another way.
This second step might include:
- A code sent to your phone by text or from an authenticator app
- A fingerprint or face scan
- A physical device, like a USB security key
This extra layer of protection makes it much harder for hackers to get into your accounts, even if they know your password.
Lynette Owens is Vice President of Consumer Education & Marketing at Trend Micro and Founder of the company's signature Internet Safety for Kids and Families program. With 30+ years in the tech industry, Lynette oversees global initiatives to help deliver the technology tools and education that people of all ages need to keep themselves and their families safe online. She serves on the advisory boards of the Identity Theft Resource Center's Alliance for Identity Resilience, the Global Anti-Scam Alliance, and INHOPE.