Allianz Life Insurance Company of North America has confirmed a major data breach that exposed the personal information of most of its 1.4 million customers, along with financial professionals and some employees.
The breach occurred on July 16, 2025, after a malicious threat actor exploited a third-party, cloud-based CRM system used by Allianz Life. According to a company spokesperson, the attacker gained access using social engineering techniques, a growing concern in recent high-profile cyberattacks.
“We took immediate action to contain and mitigate the issue and notified the FBI,” Allianz Life stated. “There is no evidence the Allianz Life network or other company systems were accessed, including our policy administration system.”
The incident, which does not affect Allianz SE or other divisions, is currently under investigation. Allianz has begun notifying affected individuals and providing support through dedicated resources.
While the company has not officially confirmed the identity of the attacker, BleepingComputer reports that the ShinyHunters hacking group is believed to be behind the breach. ShinyHunters is known for previous cyberattacks on major organizations like AT&T, Ticketmaster, and Santander.
Last month, cybersecurity firm Mandiant warned that ShinyHunters had begun targeting Salesforce CRM users, using impersonation tactics to gain access to sensitive customer data via Salesforce Data Loader. Allianz declined to confirm whether Salesforce was the CRM in question.
The company filed an initial breach notification with the Maine Attorney General’s Office, noting that detailed consumer notices would be issued after identifying affected individuals.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
