Everything we know about the Allianz Life data breach so far

(Image credit: Getty Images)

published 28 July 2025

Insurance giant Allianz Life is investigating a breach that has reportedly seen the data of most of its North American customers stolen.

Allianz Life, a subsidiary of Germany-based financial services firm Allianz SE, sells annuities and life insurance and has around 1.4 million customers in the North America region.

The hackers are believed to have accessed personally identifiable data related to the majority of these customers, along with the data of financial professionals and some Allianz Life employees.

Customer data from other geographical regions is believed to be unaffected, and the company's core network and policy administration systems don't appear to have been accessed.

According to a filing with the attorney general in Maine, the attack took place on July 16 and was discovered a day later. Allianz Life said it would provide a full consumer notice once it has finished identifying and contacting the individuals who have been affected.

The company also stated that it has notified the FBI, and said that affected individuals will be given 24 months of credit monitoring and identity theft protection.

Who’s behind the Allianz Life breach?

The attack is believed to have taken place through a third-party provider, with the company telling TechCrunch that this was a cloud-based customer relationship management (CRM) system.

Similarly, the breach is believed to have been carried out via a social engineering attack.

Tarun Desikan, zero trust evangelist and EVP of cloud edge security at leading cybersecurity firm SonicWall, said the incident once again highlights long-running problems with social engineering and identity management.

“While multi-factor authentication is critical, it’s not bulletproof. Attackers now bypass MFA with sophisticated social engineering techniques," said Desikan

"Attack vectors are constantly evolving and cyber criminals are relentless in developing new tactics, techniques, and procedures. This necessitates a proactive and flexible approach to cybersecurity, which includes adopting protocols and security architectures like Zero Trust.”

According to BleepingComputer, the attack may have been carried out by the ShinyHunters threat group. The claims follow a warning last month from Mandiant that the group had started to target Salesforce CRM customers in social engineering attacks.

The hackers were reported to be impersonating IT support staff and asking employees to accept a connection to Salesforce Data Loader, which they are then using to exfiltrate data from Salesforce and extort the company.

ShinyHunters, which first emerged in 2020, does have a track record of similar attacks, and has targeted dozens of major organizations, including Microsoft, Santander, Ticketmaster, Tokopedia and AT&T.

In the case of AT&T, the data of 110 million users was accessed, with AT&T reportedly paying a $370,000 ransom.

ITPro has approached Allianz Life for clarification.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.