“`html
Allianz Life Data Breach exposes Personal Data of 1.1 Million Customers
Table of Contents
By Amelia Roberts | WASHINGTON – 2025/08/19 11:18:47
A recent cyberattack has compromised the personal data of approximately 1.1 million customers of Allianz Life, a major U.S. insurance provider. The breach occurred in July and stemmed from a data theft targeting Salesforce, the cloud-based customer relationship management (CRM) platform.
Allianz Life, a subsidiary of Allianz SE, which serves over 128 million clients globally, confirmed that unauthorized access to a third-party cloud CRM system led to the exposure of sensitive data belonging to a meaningful portion of its 1.4 million customers, as disclosed last month.
While the company initially withheld the name of the affected CRM provider, BleepingComputer reported that the incident was part of a broader series of Salesforce-targeted attacks attributed to the ShinyHunters extortion group.
Following the breach, ShinyHunters leaked databases originating from Allianz Life’s salesforce setup. These databases contained around 2.8 million records pertaining to individual customers, business partners, wealth management firms, financial advisors, and brokers.
Have I Been Pwned, a data breach notification service, revealed on Monday that the stolen data included email addresses, names, genders, dates of birth, phone numbers, and physical addresses of 1.1 million Allianz Life customers.
BleepingComputer corroborated the breach details with multiple affected individuals, confirming the accuracy of leaked information such as tax IDs, phone numbers, and email addresses.
Other prominent organizations, including Google, Adidas, Qantas, Louis Vuitton, Dior,Tiffany & Co., Chanel,and Workday, have also been affected in this widespread campaign.
The attacks, which are believed to have started earlier this year, involve threat actors deceiving employees into connecting a malicious OAuth submission to their company’s Salesforce accounts. Once connected, the attackers exfiltrate company databases and subsequently use the stolen data for extortion.
These extortion attempts are linked to ShinyHunters, a cybercriminal group known for high-profile data breaches, including the Snowflake attacks and breaches targeting AT&T and PowerSchool.
As of the time of reporting, an Allianz Life representative had not responded to requests for confirmation regarding Have I Been Pwned’s findings.
the stolen data included email addresses, names, genders, dates of birth, phone numbers, and physical addresses of 1.1 million Allianz Life customers.
Frequently Asked Questions
what should I do if I think my data was compromised in the Allianz Life breach?
If you believe your data was compromised, monitor your financial accounts for unauthorized activity, change your passwords, and consider placing a fraud alert on your credit report. You can also contact allianz Life directly for more information and guidance.
What is ShinyHunters?
ShinyHunters is a well-known extortion group linked to numerous high-profile data breaches. They are known for stealing data and demanding ransom from victims.
What is an OAuth app?
OAuth (Open Authorization) is an open standard for token-based authorization and is commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
