Allianz Life data breach exposes 1.1 million customers
Compromised data includes names, email addresses and physical addresses
Hackers stole the personal information of 1.1 million customers in a July breach at US insurer Allianz Life, according to the data breach notification service Have I Been Pwned.
In late July, Allianz Life – the US arm of insurance conglomerate Allianz SE – revealed that hackers had breached a cloud-based customer relationship management (CRM) database, stealing the personal information of the "majority" of customers as well as company employees.
"The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life's customers, financial professionals and select Allianz Life employees," Brett Weinberg, a spokesperson for Allianz Life, said last month.
Allianz has nearly 2,000 staff in the United States and serves around 128 million customers worldwide.
So far, Allianz has declined to specify the exact number of individuals impacted by the breach. However, data breach notification service Have I Been Pwned said on Monday that the breach exposed the personal details of 1.1 million Allianz Life customers.
The compromised data includes names, genders, email addresses, dates of birth, phone numbers and physical addresses.
BleepingComputer reported that some victims also had sensitive identifiers stolen, including tax IDs.
Several affected customers confirmed to the outlet that the leaked data matched their records, suggesting that the files already circulating online are accurate.
An Allianz Life spokesperson said the company could not provide "any additional comment at this time" because of an ongoing investigation, though they confirmed that "some selected Allianz Life employees" were also impacted.
The breach is believed to stem from an ongoing campaign against companies using Salesforce CRM systems.
Security researchers have attributed the attacks to the cyber extortion gang ShinyHunters, which has a track record of infiltrating major firms including AT&T, Adidas, Dior, Tiffany and Louis Vuitton.
ShinyHunters is known for social engineering tactics, in which employees are tricked into authorising malicious OAuth applications linked to company systems. Once inside, the attackers exfiltrate company databases and demand payment to prevent publication.
The group is also believed to overlap with other cybercriminal collectives, including Scattered Spider and The Com, which specialise in hacking, extortion and, in some cases, threats of violence.
Cybersecurity experts warn that ShinyHunters is preparing to expand its extortion tactics by launching a data leak site designed to pressure victims into paying to keep stolen records offline.
In Allianz's case, the hackers have already leaked around 2.8 million records from Salesforce instances, affecting not only customers but also wealth management companies, financial advisers and brokers.
On Friday, human resources software giant Workday disclosed a similar incident, saying attackers had targeted a third-party CRM platform used by the company.
Workday stressed that no customer tenants or their data were directly affected.