HIBP Notifies 1.1 Million Allianz Life Customers Their Data Was Exposed

Have I Been Pwned (HIBP) has added the July 2025 Allianz Life data breach to its database, alerting over 1.1 million individuals that their personal information has been leaked online following a targeted cyberattack.

The breach, initially disclosed in late July, stemmed from a successful social engineering campaign that compromised a third-party cloud-based CRM platform used by Allianz Life. While the company did not officially confirm the vendor, details of the incident strongly suggest Salesforce was the platform involved. According to Allianz, the attackers used impersonation tactics to manipulate access credentials, ultimately gaining entry to customer records without breaching Allianz's internal systems or policy administration infrastructure.

The Minneapolis-based Allianz Life Insurance Company of North America is a major provider of annuities and life insurance in the United States and is a wholly owned subsidiary of Allianz SE, the German financial giant with over 128 million customers worldwide. The company serves approximately 1.4 million customers in the US, meaning the breach likely impacted the majority of its domestic clientele. Allianz clarified that operations outside the US remain unaffected.

The types of data exposed in this incident, according to HIBP, include names, email addresses, phone numbers, physical addresses, dates of birth, and gender.

The attack appears consistent with a campaign attributed to the extortion group ShinyHunters, which has been linked to similar high-profile breaches in recent months.

HIBP added the compromised Allianz dataset to its platform yesterday, nearly a month after the initial attack occurred. Notably, 72% of the leaked email addresses were already present in HIBP's records, indicating significant overlap with prior breaches and a heightened risk for affected users facing credential stuffing or targeted phishing.

New breach: Allianz Life had 1.1M unique email addresses breached last month via a social engineering attack. Data included name, phone number, physical address, DoB and gender. 72% were already in @haveibeenpwned. Read more: https://t.co/0o8j7qu8eO

— Have I Been Pwned (@haveibeenpwned) August 18, 2025

The Maine Attorney General's Office previously published a placeholder breach notice from Allianz Life on July 26, with formal consumer notifications scheduled for August. The company also confirmed it notified the FBI and launched an internal investigation, but has not publicly acknowledged whether extortion demands were made or ransom payments considered.

Given the exposure of highly sensitive personal data, affected individuals are advised to enable multi-factor authentication on all online accounts, monitor financial accounts and credit reports closely for suspicious activity, and stay on high alert for phishing attempts, especially emails impersonating Allianz.