Insurance coverage firm Allianz Life has confirmed that the non-public info for the “majority” of its 1.4 million clients was uncovered in a data breach that occurred earlier this month.
“On July 16, 2025, a malicious risk actor gained entry to a third-party, cloud-based CRM system utilized by Allianz Life Insurance coverage Firm of North America (Allianz Life),” an Allianz Life spokesperson instructed BleepingComputer.
“The risk actor was capable of acquire personally identifiable information associated to nearly all of Allianz Life’s clients, monetary professionals, and choose Allianz Life staff, utilizing a social engineering method.”
“We took quick motion to include and mitigate the difficulty and notified the FBI. Primarily based on our investigation to-date, there isn’t any proof the Allianz Life community or different firm programs have been accessed, together with our coverage administration system.”
“Our investigation is ongoing and we started the method of reaching out to people impacted with devoted sources to help them. This incident is said solely to Allianz Life, which at present has 1.4 million clients.”
Allianz Life is a US-based supplier of annuities and life insurance coverage for over 1.4 million People. The corporate is owned by Allianz SE, a world monetary providers group headquartered in Germany, serving greater than 128 million clients.
The corporate first revealed the breach in a compulsory submitting with Maine’s Legal professional Normal’s Workplace on Saturday, issuing a placeholder notification alerting of the breach.
“The buyer discover can be offered as soon as Allianz has recognized the affected people,” reads the placeholder notification.
Whereas Allianz Life declined to reply questions in regards to the risk actor and whether or not they have been being extorted, BleepingComputer has realized that the assault is believed to have been carried out by the ShinyHunters extortion group.
ShinyHunters is a bunch of risk actors who’re linked to a number of high-profile data breaches and assaults, together with these in opposition to PowerSchool and the SnowFlake assaults, which impacted Santander, Ticketmaster, AT&T, Advance Auto Components, Neiman Marcus, and Cylance.
Whereas a number of ShinyHunters members have been arrested over the previous few years, together with a current arrest in France, the hacking group continues to conduct assaults.
Final month, Mandiant warned that ShinyHunters had begun to focus on Salesforce CRM clients in social engineering assaults.
Throughout these assaults, the hackers impersonate IT assist personnel, requesting the focused worker settle for a connection to Salesforce Data Loader, a shopper utility that permits customers to import, export, replace, or delete information inside Salesforce environments.
As soon as the connection is accepted, the risk actors use Salesforce Data Loader to exfiltrate information from Salesforce, which is then used to extort the corporate.
BleepingComputer requested Allianz Life if the CRM is Salesforce, however the spokesperson declined to remark.
CISOs know that getting board buy-in begins with a transparent, strategic view of how cloud security drives enterprise worth.
This free, editable board report deck helps security leaders current danger, impression, and priorities in clear enterprise phrases. Flip security updates into significant conversations and quicker decision-making within the boardroom.
