Personal data of over 2 million policy holders of Aflac was leaked online in a third party data breach. As per Aflac hackers obtained 3.2 million records and leaked the personal information of about 1.3 million records of “New Cancer Insurance” and “Super Cancer Insurance” policyholders. Personal data that got leaked included policy holder’s last name, genders, ages, insurance type numbers, coverage amount and premiums. The breach took place from a third party U.S based contractor.
The information was circulated on dark web after the hacker obtained information from U.S contractor’s server. The data breach originated from a file transfer vulnerability on the third-party’s server used for marketing.
As per the GDPR in case of data breach the company has to inform the affected data subjects hence Aflac has also contacted the affected policy holders but as per Aflac the possibility of identifying a policy holder through the leaked data is extremely low as such leaked data cannot identify a person.