Tuesday, July 29, 2025
Latest:
The Register

Majority of 1.4M customers caught in Allianz Life data heist

TH Author

Financial services biz Allianz says the majority of customers of one of its North American subsidiaries had their data stolen in a cyberattack.

Lawyers acting on behalf of US-based Allianz Life filed a breach notification with Maine’s attorney general on Saturday, saying the intrusion began on July 16 and was detected a day later.

Official filings did not state how many people were affected, or what data was compromised, although in a statement to The Register, Allianz said the majority of its 1.4 million customers were impacted.

“The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,” a spokesperson said.

Allianz went on to say that the attacker or attackers gained access to Allianz Life’s third-party, cloud-based CRM system, although it did not confirm the vendor supplying that system.

“We took immediate action to contain and mitigate the issue and notified the FBI,” the spokesperson added.

“Based on our investigation to date, there is no evidence the Allianz Life network or other company systems were accessed, including our policy administration system.

“Our investigation is ongoing, and we began the process of reaching out to individuals impacted with dedicated resources to assist them.”

Allianz also did not answer questions about the type of data affected or who is suspected to be behind the attack.

Scattered Spider, the loosely connected group of young people accused of carrying out attacks on a litany of major organizations this year, was said to be targeting the insurance sector just weeks ago, before diversifying to aviation.

Despite the group recently targeting the insurance industry, no credible source has linked it to the Allianz attack.

Another outfit with an established interest in targeting cloud-based CRM systems is ShinyHunters, of Snowflake infamy and more recently Dior (allegedly).

Google’s Threat Intelligence Group last month issued a warning to the security industry about a group it tracks as UNC6040 extorting victims of Salesforce attacks while claiming to be from the ShinyHunters group.

Attacks on customers CRM applications, which were also said to involve a social engineering component, stole data then used it as leverage in extortion attempts.

As for Allianz, it refused to comment on whether it was being extorted by cybercriminals, ShinyHunters or otherwise.

Its filing with Maine’s AG stated customers are to be offered 24 months’ worth of identity protection and credit monitoring services. ®

READ MORE HERE