Insurance giant Allianz Life is investigating a breach that has reportedly seen the data of most of its North American customers stolen.
Allianz Life, a subsidiary of Germany-based financial services firm Allianz SE, sells annuities and life insurance and has around 1.4 million customers in the North America region.
The hackers are believed to have accessed personally identifiable data related to the majority of these customers, along with the data of financial professionals and some Allianz Life employees.
Customer data from other geographical regions is believed to be unaffected, and the company's core network and policy administration systems don't appear to have been accessed.
According to a filing with the attorney general in Maine, the attack took place on July 16 and was discovered a day later. Allianz Life said it would provide a full consumer notice once it has finished identifying and contacting the individuals who have been affected.
The company also stated that it has notified the FBI, and said that affected individuals will be given 24 months of credit monitoring and identity theft protection.
Who’s behind the Allianz Life breach?
The attack is believed to have taken place through a third-party provider, with the company telling TechCrunch that this was a cloud-based customer relationship management (CRM) system.
Similarly, the breach is believed to have been carried out via a social engineering attack.
Tarun Desikan, zero trust evangelist and EVP of cloud edge security at leading cybersecurity firm SonicWall, said the incident once again highlights long-running problems with social engineering and identity management.
“While multi-factor authentication is critical, it’s not bulletproof. Attackers now bypass MFA with sophisticated social engineering techniques," said Desikan
"Attack vectors are constantly evolving and cyber criminals are relentless in developing new tactics, techniques, and procedures. This necessitates a proactive and flexible approach to cybersecurity, which includes adopting protocols and security architectures like Zero Trust.”
According to BleepingComputer, the attack may have been carried out by the ShinyHunters threat group. The claims follow a warning last month from Mandiant that the group had started to target Salesforce CRM customers in social engineering attacks.
The hackers were reported to be impersonating IT support staff and asking employees to accept a connection to Salesforce Data Loader, which they are then using to exfiltrate data from Salesforce and extort the company.
ShinyHunters, which first emerged in 2020, does have a track record of similar attacks, and has targeted dozens of major organizations, including Microsoft, Santander, Ticketmaster, Tokopedia and AT&T.
In the case of AT&T, the data of 110 million users was accessed, with AT&T reportedly paying a $370,000 ransom.
ITPro has approached Allianz Life for clarification.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Healthcare organizations report rampant email security failures – and Microsoft 365 is often the weakest linkNews IT leaders say they're drowning in security alerts and missing real threats, thanks to limited resources, expanding attack surfaces, and weak security strategies
-
Is all-photonics the future of networking?ITPro Podcast Using light to transmit data rather than relying on electronic components could slash latency
-
Kids hacking for kicks are causing security headaches at schoolsNews More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
-
Mobile app security is a huge blind spot for developer teams – 93% are confident their applications are secure, but 62% reported breaches last yearNews Organizations are overconfident about their mobile app security practices, according to new research, and it’s putting enterprises and consumers alike at risk.
-
LNER warns customers to remain vigilant after personal data exposed in cyber attackNews LNER has warned customers to remain vigilant for social engineering attacks after a cyber attack on the rail operator exposed personal data.
-
Jaguar Land Rover u-turns on cyber attack containment claims, admits ‘some data has been affected’News Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which severely disrupted production.
-
Everything we know about the Plex data breach so farNews Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countriesNews The Salt Typhoon hacker group has waged several major campaigns against US telecoms companies and critical infrastructure operators – now it's ramping up attacks globally.
-
Salesloft Drift hackers had access to company GitHub account for months before attacksNews Hackers behind the Salesloft Drift breach had access to the company’s GitHub account for several months before waging a flurry of attacks, the company has revealed.
