Allianz Life, an insurance company, disclosed a significant data breach affecting approximately **1.497 million customers, employees, and financial professionals** across North America. The breach occurred due to an attack on an unnamed third-party CRM provider, where unauthorized actors accessed sensitive personal data. Compromised information includes **names, addresses, dates of birth, and Social Security numbers (SSNs)**—highly valuable details for identity theft and fraud. The company confirmed the attackers targeted customer, staff, and financial professional records, though no immediate evidence of misuse was reported. Allianz Life responded by offering **two years of identity protection and credit monitoring services** to affected individuals. The breach underscores vulnerabilities in third-party vendor security, raising concerns about supply-chain risks in the financial sector.
Source: https://www.theregister.com/2025/10/01/north_american_data_breaches/
TPRM report: https://www.rankiteo.com/company/allianz-life
"id": "all2292722100125",
"linkid": "allianz-life",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
```python
{'affected_entities': [{'customers_affected': '1,497,036',
                        'industry': 'Financial Services',
                        'location': 'North America (primarily U.S.)',
                        'name': 'Allianz Life',
                        'type': 'Insurance Company'},
                       {'customers_affected': '1,200,000 (U.S. customers only; '
                                              'total not specified)',
                        'industry': 'Aviation/Transportation',
                        'location': 'Canada (affected U.S. customers: 1.2 '
                                    'million)',
                        'name': 'WestJet',
                        'type': 'Airline'},
                       {'customers_affected': '766,670',
                        'industry': 'Automotive (RV/powersports dealerships)',
                        'location': 'Ohio, U.S.',
                        'name': 'Motility Software Solutions',
                        'type': 'Software Provider'}],
 'attack_vector': ['Third-party CRM compromise',
                   'Malware deployment (ransomware)',
                   'Unauthorized access'],
 'customer_advisories': ['WestJet: Encouraged staff/customers to exercise '
                         'caution; Allianz/Motility: Provided identity '
                         'protection services'],
 'data_breach': {'data_encryption': ['Motility: Files encrypted by ransomware '
                                     'before exfiltration'],
                 'data_exfiltration': True,
                 'number_of_records_exposed': '3,700,000+ (aggregated across '
                                              'all three companies)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII including SSNs and driver’s '
                                        'license numbers)',
                 'type_of_data_compromised': ['Names, addresses, dates of '
                                              'birth, SSNs (Allianz Life)',
                                              'Names, contact details, '
                                              'reservation/travel documents, '
                                              'relationship data (WestJet)',
                                              'Full names, home/email '
                                              'addresses, phone numbers, dates '
                                              'of birth, SSNs, driver’s '
                                              'license numbers (Motility)']},
 'date_publicly_disclosed': '2023-10-XX (exact dates vary per company)',
 'description': 'A trio of companies—Allianz Life, WestJet, and Motility '
                'Software Solutions—disclosed data breaches this week '
                'affecting approximately 3.7 million customers and employees '
                'across North America. The incidents involved unauthorized '
                'access to third-party CRM providers, ransomware attacks, and '
                'data exfiltration by threat actors, including the Scattered '
                'Spider group. Personal data such as names, addresses, SSNs, '
                'and driver’s license numbers were compromised. All three '
                'companies offered identity protection and credit monitoring '
                'services to affected individuals.',
 'impact': {'brand_reputation_impact': ['Potential reputational damage for all '
                                        'three companies'],
            'data_compromised': True,
            'downtime': ['Interruptions in WestJet’s online services and '
                         'mobile app'],
            'identity_theft_risk': ['High (SSNs, driver’s license numbers, and '
                                    'other PII exposed)'],
            'operational_impact': ['WestJet: No impact on safety/integrity of '
                                   'operations; Motility: Restricted access to '
                                   'internal data due to encryption'],
            'payment_information_risk': ['WestJet confirmed credit/debit card '
                                         'numbers, expiry dates, CVVs, and '
                                         'passwords were *not* compromised'],
            'systems_affected': ['CRM systems (Allianz Life)',
                                 'Online services and mobile app (WestJet)',
                                 'Internal systems (Motility Software '
                                 'Solutions)']},
 'initial_access_broker': {'data_sold_on_dark_web': ['Motility: No evidence '
                                                     'found on ransomware leak '
                                                     'sites'],
                           'entry_point': ['Third-party CRM provider (Allianz '
                                           'Life)',
                                           None,
                                           None],
                           'high_value_targets': ['Customer PII (all three '
                                                  'companies)']},
 'investigation_status': ['Allianz Life: Ongoing/completed (not specified)',
                          'WestJet: Completed (ended September 15, 2023)',
                          'Motility: Completed (forensic investigation '
                          'concluded)'],
 'motivation': ['Data Theft', 'Financial Gain (likely)'],
 'post_incident_analysis': {'corrective_actions': ['Credit monitoring '
                                                   'services, customer '
                                                   'notifications']},
 'ransomware': {'data_encryption': ['Motility: Partial encryption of internal '
                                    'systems'],
                'data_exfiltration': ['Motility: Limited files removed '
                                      'pre-encryption']},
 'references': [{'source': 'The Register',
                 'url': 'https://www.theregister.com/2023/10/XX/allianz_westjet_motility_breaches/'},
                {'source': 'Maine Attorney General’s Office (Allianz Life '
                           'filing)'},
                {'source': 'Maine Attorney General’s Office (WestJet filing)'},
                {'source': 'Maine Attorney General’s Office (Motility '
                           'filing)'}],
 'regulatory_compliance': {'regulatory_notifications': ['Filed with Maine '
                                                        'Attorney General’s '
                                                        'Office (all three '
                                                        'companies)']},
 'response': {'communication_strategy': ['Public disclosures (Maine AG '
                                         'filings), customer notifications, '
                                         'advisories to exercise caution'],
              'incident_response_plan_activated': True,
              'remediation_measures': ['Identity protection and credit '
                                       'monitoring services (Allianz: 2 years; '
                                       'WestJet: 2 years; Motility: 12 '
                                       'months)'],
              'third_party_assistance': ['Forensic investigators (implied)']},
 'stakeholder_advisories': ['All companies notified affected individuals and '
                            'offered credit monitoring'],
 'threat_actor': ['Scattered Spider (WestJet)',
                  'Unnamed actor (Allianz Life)',
                  'Unnamed actor (Motility Software Solutions)'],
 'title': 'Data Breaches Affecting 3.7 Million Customers Across Allianz Life, '
          'WestJet, and Motility Software Solutions',
 'type': ['Data Breach', 'Ransomware Attack']}
```