Hackers have stolen the non-public info of 1.1 million people in a Salesforce information theft assault, which impacted U.S. insurance coverage big Allianz Life in July.
Allianz Life has practically 2,000 staff in america and is a subsidiary of Allianz SE, which has over 128 million clients worldwide and ranks because the world’s 82nd largest firm primarily based on income.
As the corporate disclosed final month, info belonging to the “majority” of its 1.4 million clients was stolen by attackers who gained entry to a third-party cloud CRM system on July sixteenth.
Whereas Allianz Life didn’t identify the supplier of the compromised cloud-based CRM system on the time of the disclosure, BleepingComputer first reported that the breach was a part of a wave of Salesforce-targeted information theft assaults linked to the ShinyHunters extortion group.
Because the assault, ShinyHunters has leaked the databases stolen from the corporate’s Salesforce cases, containing roughly 2.8 million information information for particular person clients and enterprise companions, together with wealth administration firms, monetary advisors, and brokers.
On Monday, data breach notification service Have I Been Pwned revealed the extent of the incident, reporting that the e-mail addresses, names, genders, dates of start, cellphone numbers, and bodily addresses of 1.1 million Allianz Life clients had been stolen throughout the breach.
BleepingComputer has additionally confirmed with a number of individuals affected by this breach that their information (together with their tax IDs, cellphone numbers, e-mail addresses, and different info) within the leaked recordsdata is correct.
Many different high-profile firms worldwide had been additionally breached on this marketing campaign, together with Google, Adidas, Qantas, Louis Vuitton, Dior, Tiffany & Co., Chanel, and, most just lately, human assets big Workday.
The assaults are believed to have begun at first of the 12 months, with the risk actors tricking staff into linking a malicious OAuth app to their firm’s Salesforce occasion. As soon as related, the attackers downloaded and stole firm databases, later utilizing the information to extort victims through e-mail.
These extortion calls for had been signed as coming from ShinyHunters, a widely known extortion group linked to a string of high-profile breaches through the years, together with the Snowflake assaults and people towards AT&T and PowerSchool.
An Allianz Life spokesperson was not instantly accessible to verify Have I Been Pwned’s findings when contacted by BleepingComputer earlier right now.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.
