Allianz Life confirms massive data breach

Allianz Life, one of the largest insurance companies in the USA, has confirmed that personal data belonging to the majority of its roughly 1.4 million customers, as well as to financial professionals and select employees, was compromised in a cyberattack earlier this month.

The breach was disclosed on Saturday in a filing with the Maine attorney general's office.

A spokesperson for Allianz Life, Brett Weinberg, told TechCrunch that the attack occurred on 16th July, when a threat actor gained access to a third-party, cloud-based customer relationship management (CRM) system used by the insurer.

The attacker reportedly gained access to the platform through social engineering rather than by defeating technical controls, sidestepping conventional defences.

"The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life's customers, financial professionals and select Allianz Life employees," Weinberg said, adding that there is currently no evidence that other internal systems were affected.

Although the company has not disclosed the exact number of individuals affected, Allianz Life's customer base comprises approximately 1.4 million people. Its Germany-based parent company, Allianz SE, serves over 125 million customers globally.

The company has notified the FBI and is working with federal law enforcement as the investigation continues. It has not said whether the attackers have made contact or issued a ransom demand, and the group responsible has not been publicly identified.

Allianz Life plans to begin notifying affected individuals starting 1st August.

The breach comes amid a broader wave of cyberattacks that have targeted the insurance industry in recent months.

In June, Aflac – one of the largest providers of supplementary health insurance in the US – disclosed its own cyber incident, saying an unknown quantity of customer data had been exfiltrated.

Cybersecurity experts have linked this string of attacks to a loosely affiliated hacking collective known as Scattered Spider. The group is notorious for using social engineering against employees, help desks and IT support teams to obtain access to sensitive systems, typically by persuading staff to reset credentials or enrol new authentication factors rather than by exploiting software flaws.

John Hultquist, chief analyst at Google's Threat Intelligence Group (GTIG), said in June that multiple intrusions in the USA bore the hallmarks of Scattered Spider operations.

Before shifting their focus to insurance companies, Scattered Spider hackers had previously targeted the UK retail sector, along with the aviation and transportation industries. The group also has a history of breaching major Silicon Valley tech firms.

This week, Google's GTIG researchers noted that UNC3944 – a threat actor overlapping with Scattered Spider – is actively targeting VMware ESXi hypervisors across companies in the retail, airline, transportation and insurance industries.

"The actors are aggressive, creative and particularly skilled at using social engineering to bypass even mature security programmes," GTIG said.

"Their attacks are not opportunistic but are precise, campaign-driven operations aimed at an organisation's most critical systems and data."

A Google spokesperson said these attackers can gain an unprecedented level of control over an entire virtualised environment without relying on software vulnerabilities, effectively bypassing many conventional in-guest security defences.

Google also highlighted the group's "extreme velocity," noting that the entire attack chain can unfold within just a few hours.