Allianz Life Data Breach Exposes Information of Majority of 1.4 Million Customers

A major data breach at Allianz Life Insurance Company of North America has compromised the personal information of the majority of its 1.4 million customers, the company confirmed this week. The incident, which occurred on July 16, 2025, involved unauthorized access to a third-party, cloud-based customer relationship management (CRM) system.

Breach Details and Scope

According to a statement provided to BleepingComputer, a “malicious threat actor” gained access to the CRM system using a social engineering technique. The compromised data includes personally identifiable information belonging to customers, financial professionals, and a select number of Allianz Life employees.

“We took immediate action to contain and mitigate the issue and notified the FBI,” a company spokesperson stated. Importantly, the investigation to date indicates that the Allianz Life network and other core company systems, including its policy administration system, were not accessed.

Allianz Life, a US-based provider of annuities and life insurance, is owned by the global financial services group Allianz SE, headquartered in Germany and serving over 128 million customers worldwide. The company initially disclosed the breach in a mandatory filing with the Maine Attorney General’s Office on Saturday, issuing a preliminary notification to affected parties.

“The consumer notice will be provided once Allianz has identified the affected individuals,” the placeholder notification reads. Allianz Life has begun contacting individuals impacted by the breach and offering dedicated resources for assistance.

Suspected Perpetrator: ShinyHunters Extortion Group

While Allianz Life declined to comment on whether the company is facing extortion demands or the identity of the threat actor, security researchers believe the ShinyHunters group is responsible for the attack.

ShinyHunters is a notorious collective linked to numerous high-profile data breaches, including attacks against PowerSchool, Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance, often leveraging vulnerabilities in Snowflake environments. Despite multiple arrests of ShinyHunters members, including a recent arrest in France, the group remains active.

Last month, Mandiant issued a warning that ShinyHunters had begun specifically targeting customers of Salesforce CRM systems. Their tactic involves impersonating IT support personnel to gain access to Salesforce Data Loader, a client application used for data manipulation within Salesforce environments. Once access is granted, the attackers exfiltrate data for extortion purposes.

BleepingComputer inquired whether Allianz Life’s CRM system is Salesforce, but a company spokesperson declined to provide a response.

Implications and Ongoing Investigation

The breach underscores the growing risk of supply chain attacks targeting cloud-based CRM systems. The reliance on third-party vendors introduces vulnerabilities that malicious actors can exploit through sophisticated social engineering tactics.

The investigation remains ongoing, and Allianz Life is working to fully assess the scope of the data compromise and implement measures to prevent future incidents. The company has not yet released details regarding the specific types of personal information exposed, but the incident serves as a stark reminder of the importance of robust cybersecurity practices and proactive threat detection.