The Allianz Life data breach just took a huge turn for the worse
Claimed by the ShinyHunters threat group, the Allianz Life data breach has exposed personal data on over a million customers
The true scale of the Allianz Life data breach has been laid bare, with leaked credential notification site Have I Been Pwned putting the number of affected accounts at 1.1 million.
The numbers represent the vast majority of the company's 1.4 million customers in the North America region, along with the data of financial professionals and some Allianz Life employees contained in Salesforce Accounts and Contacts databases.
Data exposed in the incident is believed to include dates of birth, email addresses, genders, names, phone numbers, and physical addresses. According to Allianz, Social Security numbers were also taken.
More than seven-in-ten of the exposed email addresses had already been affected by previously-disclosed data breaches.
When the breach was first confirmed, Allianz Life said that 'most' of its North American customers had been affected, but that its core network and policy administration systems didn't appear to have been accessed.
The insurer said it would provide a full consumer notice once it has finished identifying and contacting affected individuals.
Jon Abbott, CEO of ThreatAware, described the scale of the breach as “significant”, noting that the data leaked represents a treasure trove of information to target victims.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
"The sensitive and valuable information held in CRM tools is exactly why it’s targeted by attackers,” he said. “The data can be used by other cyber criminals for identity theft and phishing campaigns."
What happened with the Allianz Life data breach?
The breach, which took place on July 16 and was discovered a day later, is believed to have involved a social engineering attack that involved impersonating IT support staff.
This saw hackers ask employees to accept a connection to a Salesforce Data Loader, which was then used to exfiltrate data from the CRM system.
The attackers used malicious OAuth applications to infiltrate Salesforce instances, before downloading the company databases.
The attack has since been claimed by the notorious ShinyHunters threat group, which is believed to overlap with the Scattered Spider and Lapsus groups. They are now believed to be preparing a data leak site to pressure Allianz and other victims into making a ransom payment.
The group, which first emerged in 2020, is also believed to be responsible for attacks on Salesforce systems at several retailers, as well as at Google, Cisco, Qantas, Santander, Ticketmaster, Tokopedia, AT&T and most recently Workday.
Workday confirmed it had fallen victim to an attack last week, warning customers that exposed information could then be used in follow-up social engineering attacks - a common tactic for threat actors.
"Groups such as ShinyHunters rely on fast moving social engineering tactics – this typically involves calling and emailing employees of the victim organization and attempting to extort them. If this does not work, they then launch a leak site with the aim of pressuring victims into payment," said Abbott.
"This pattern in their attacks is why the security fundamentals are so important. Accurate asset inventories, tamper-proof identity verification and hardened service desk processes are all essential.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Employee phishing training is working – but don’t get complacent
- Phishing tactics: The top attack trends
- Cheap cyber crime kits can be bought on the dark web for less than $25
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
‘The risk to every organization has increased exponentially’: The FortiBleed campaign just took a turn for the worseNews Reports suggest that FortiBleed-linked exposed credentials could put UK government and public services at huge risk
-
‘Every hour ransomware goes undetected drastically increases its potential blast radius’: Hackers are breaching networks and laying low for longer – and nearly half of firms don’t realize until data is stolenNews An ExtraHop survey found more intrusions are going undetected, leading to longer dwell times
-
US offers $10m bounty for info on Russia-linked hackers behind Signal and WhatsApp attacksNews UNC5792 and UNC4221 have been targeting government officials through their Signal and WhatsApp accounts
-
‘They risk damaging confidence’: A Canadian health board outraged staff with phishing tests offering paid leave – experts say it shows why you need to be careful with cyber awareness campaignsNews Phishing tests require a delicate touch, emulating realism while not “exploiting goodwill”
-
Duo accused of role in TfL cyber attack plead guilty after ‘lengthy, highly complex, and painstaking investigation’News Around 10 million people are believed to have been affected by the TfL cyber attack
-
Hackers are capitalizing on AI hype to ramp up social engineering attacks – and they're using big brands like Anthropic, OpenAI, and DeepSeek as ‘bait’ to lure victimsNews Microsoft says cyber criminals are impersonating popular AI platforms to deliver malware
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
Hackers are turning up at law firms to gain physical access to machinesNews The FBI is warning companies to look out for fake IT staff