Allianz Life Insurance Company of North America has revised the number of impacted individuals whose personal data was exposed in the July 2025 cyberattack to 1.5 million individuals across the United States.
The breach stems from a compromise of a third-party cloud-based CRM system and includes sensitive personal information such as names, addresses, dates of birth, and Social Security numbers.
According to an update on the Maine Attorney General’s Office filing, the data breach impacted a total of 1,497,036 individuals nationwide. The incident occurred on July 16 and was discovered just one day later. Written notifications began going out to customers on August 1, along with an offer for two years of complimentary identity monitoring and credit protection services through Kroll.
Allianz Life, headquartered in Minneapolis, is a leading provider of annuities and life insurance products in the United States and a subsidiary of global financial services powerhouse Allianz SE, which serves more than 128 million customers in over 70 countries. This incident appears to affect only US operations, with no indication of compromise to systems outside the country.
The intrusion was made possible through a targeted social engineering campaign against Allianz Life’s CRM vendor. While the company has not officially identified the platform, the attack bears hallmarks of the ShinyHunters extortion group, which has been linked to a recent wave of breaches involving impersonation attacks exploiting Salesforce’s Data Loader tool. Reports suggest attackers posed as IT personnel to trick employees into granting unauthorized remote access.
Allianz Life confirmed that its core policy administration systems and internal networks remained untouched during the incident. The threat actor’s access was limited to the third-party CRM, but that was enough to exfiltrate large volumes of customer data, prompting concerns about downstream misuse. Data indexed by breach monitoring service Have I Been Pwned previously indicated that over 1.1 million compromised email addresses have already surfaced on the dark web, with 72% of them appearing in prior breaches, increasing the likelihood of credential stuffing or phishing attempts.
Allianz Life notified the FBI, launched an internal investigation, and began working with cybersecurity experts to contain and analyze the attack. The company has not confirmed whether a ransom was demanded or paid.
Affected individuals are strongly urged to take immediate steps to protect their identity. Allianz Life is offering two years of Kroll’s Identity Monitoring Services, which include single-bureau credit monitoring, fraud consultation, and identity theft restoration.
Customers should also remain vigilant by regularly reviewing financial statements, enabling multi-factor authentication on sensitive accounts, and considering placing fraud alerts or credit freezes with major credit bureaus to prevent unauthorized use of their data.
Leave a Reply