In July 2025, Allianz Life Insurance Company of North America suffered a **cyberattack** targeting a **third-party cloud-based CRM system**, exposing the **sensitive personal data of 1.5 million individuals** (1,497,036 confirmed) across the U.S. The breach, linked to the **ShinyHunters extortion group**, involved a **social engineering campaign** where attackers impersonated IT personnel to gain unauthorized remote access via Salesforce’s Data Loader tool. Compromised data includes **names, addresses, dates of birth, and Social Security numbers**, with **1.1 million email addresses** already surfacing on the dark web (72% tied to prior breaches), heightening risks of **credential stuffing, phishing, and identity theft**.

The company confirmed its **core systems and internal networks remained unaffected**, but the CRM breach enabled large-scale **customer data exfiltration**. Allianz Life notified the FBI, launched an investigation, and offered **two years of free identity monitoring (Kroll)** to victims. While no ransom demands were confirmed, the incident underscores vulnerabilities in **third-party vendor security** and the escalating threat of **targeted extortion campaigns**. Customers were advised to monitor financial accounts, enable **multi-factor authentication (MFA)**, and consider **credit freezes** to mitigate fraud risks.
Source: https://cyberinsider.com/allianz-life-july-data-breach-impacted-1-5-million-customers/
TPRM report: https://www.rankiteo.com/company/allianz-life
"id": "all2592725100125",
"linkid": "allianz-life",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '1,497,036 individuals',
'industry': ['Financial Services', 'Insurance'],
'location': {'headquarters': 'Minneapolis, Minnesota, '
'USA',
'scope': 'U.S. Operations Only'},
'name': 'Allianz Life Insurance Company of North '
'America',
'size': 'Large (Subsidiary of Allianz SE, Serving '
'128M+ Customers Globally)',
'type': 'Subsidiary'}],
'attack_vector': ['Social Engineering',
'Impersonation (IT Personnel)',
'Unauthorized Remote Access',
'Exploitation of Salesforce Data Loader Tool'],
'customer_advisories': ['Written notifications sent to affected individuals '
'(starting 2025-08-01).',
'Offer of 2 years of Kroll Identity Monitoring '
'Services (single-bureau credit monitoring, fraud '
'consultation, identity theft restoration).',
'Guidance on protective measures (MFA, credit '
'freezes, vigilance against phishing).'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '1,497,036',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of Birth',
'Social Security '
'Numbers',
'Email Addresses'],
'sensitivity_of_data': 'High (Includes SSNs, Dates of Birth, '
'Email Addresses)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Sensitive Personal Data']},
'date_detected': '2025-07-17',
'date_publicly_disclosed': '2025-08-01',
'description': 'Allianz Life Insurance Company of North America experienced a '
'cyberattack in July 2025, resulting in the exposure of '
'sensitive personal data of 1.5 million individuals across the '
'U.S. The breach originated from a compromise of a third-party '
'cloud-based CRM system, facilitated by a targeted social '
'engineering campaign. Attackers, likely linked to the '
'ShinyHunters extortion group, impersonated IT personnel to '
'gain unauthorized remote access via Salesforce’s Data Loader '
'tool. While Allianz Life’s core systems remained unaffected, '
'the incident led to the exfiltration of names, addresses, '
'dates of birth, and Social Security numbers. Over 1.1 million '
'compromised email addresses have surfaced on the dark web, '
'raising concerns about credential stuffing and phishing '
'risks. Allianz Life notified the FBI, launched an '
'investigation, and offered affected individuals two years of '
'complimentary identity monitoring and credit protection '
'services through Kroll.',
'impact': {'brand_reputation_impact': ['Potential Reputation Damage Due to '
'Large-Scale Data Exposure'],
'data_compromised': ['Names',
'Addresses',
'Dates of Birth',
'Social Security Numbers',
'Email Addresses'],
'identity_theft_risk': ['High (Due to Exposure of SSNs and PII)'],
'operational_impact': ['Limited to Third-Party CRM; Core Policy '
'Administration Systems Untouched'],
'systems_affected': ['Third-Party Cloud-Based CRM System']},
'initial_access_broker': {'data_sold_on_dark_web': ['1.1M+ Email Addresses '
'(72% Previously '
'Breached)'],
'entry_point': 'Third-Party Cloud-Based CRM System '
'(via Social Engineering)',
'high_value_targets': ['Customer PII (SSNs, Dates '
'of Birth, Email '
'Addresses)']},
'investigation_status': 'Ongoing (Internal Investigation with Cybersecurity '
'Experts)',
'motivation': ['Data Theft', 'Extortion (potential, unconfirmed)'],
'post_incident_analysis': {'root_causes': ['Successful social engineering '
'attack targeting third-party CRM '
'vendor.',
'Impersonation of IT personnel to '
'gain unauthorized remote access.',
'Exploitation of Salesforce Data '
'Loader tool (suspected).']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Enable multi-factor authentication (MFA) on sensitive '
'accounts.',
'Place fraud alerts or credit freezes with major credit '
'bureaus.',
'Regularly review financial statements for unauthorized '
'activity.',
'Remain vigilant against phishing and credential stuffing '
'attempts.',
'Third-party vendors should enhance security protocols '
'against social engineering attacks.'],
'references': [{'source': 'Maine Attorney General’s Office Filing'},
{'source': 'Have I Been Pwned (Breach Monitoring Service)',
'url': 'https://haveibeenpwned.com'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
'General’s Office']},
'response': {'communication_strategy': ['Maine Attorney General’s Office '
'Filing',
'Direct Customer Notifications',
'Public Advisory on Protective '
'Measures'],
'containment_measures': ['Isolation of Compromised Third-Party '
'CRM',
'Internal Investigation'],
'incident_response_plan_activated': True,
'law_enforcement_notified': ['FBI'],
'recovery_measures': ['Customer Notifications (Began 2025-08-01)',
'Offer of 2 Years of Complimentary '
'Identity Monitoring (Kroll)'],
'third_party_assistance': ['Cybersecurity Experts (Unnamed)',
'Kroll (Identity Monitoring '
'Services)']},
'stakeholder_advisories': ['FBI Notification',
'Public Disclosure via Maine AG Office'],
'threat_actor': ['ShinyHunters (suspected)'],
'title': 'Allianz Life Insurance Data Breach via Third-Party CRM Compromise '
'(July 2025)',
'type': ['Data Breach', 'Social Engineering', 'Third-Party Compromise'],
'vulnerability_exploited': ['Human Error (Social Engineering Susceptibility)',
'Third-Party CRM Security Weaknesses']}