{ "id": "e81ea63c-05fb-460c-bf94-642a306b552b", "created_at": "2026-04-06T00:16:41.577395Z", "updated_at": "2026-04-10T03:34:59.523214Z", "deleted_at": null, "sha1_hash": "f7a608ca68511d16eef31d552dd4876c9a9cf4fe", "title": "Allianz Life confirms data breach impacts majority of 1.4 million customers", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 758290, "plain_text": "Allianz Life confirms data breach impacts majority of 1.4 million\r\ncustomers\r\nBy Lawrence Abrams\r\nPublished: 2025-07-26 · Archived: 2026-04-05 15:03:16 UTC\r\nInsurance company Allianz Life has confirmed that the personal information for the \"majority\" of its 1.4 million customers\r\nwas exposed in a data breach that occurred earlier this month.\r\n\"On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life\r\nInsurance Company of North America (Allianz Life),\" an Allianz Life spokesperson told BleepingComputer.\r\n\"The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life's customers, financial\r\nprofessionals, and select Allianz Life employees, using a social engineering technique.\"\r\nhttps://www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"We took immediate action to contain and mitigate the issue and notified the FBI. Based on our investigation to-date, there\r\nis no evidence the Allianz Life network or other company systems were accessed, including our policy administration\r\nsystem.\"\r\n\"Our investigation is ongoing and we began the process of reaching out to individuals impacted with dedicated resources to\r\nassist them. This incident is related only to Allianz Life, which currently has 1.4 million customers.\"\r\nAllianz Life is a US-based provider of annuities and life insurance for over 1.4 million Americans. The company is owned\r\nby Allianz SE, a global financial services group headquartered in Germany, serving more than 128 million customers.\r\nThe company first revealed the breach in a mandatory filing with Maine's Attorney General's Office on Saturday, issuing a\r\nplaceholder notification alerting of the breach.\r\n\"The consumer notice will be provided once Allianz has identified the affected individuals,\" reads the placeholder\r\nnotification.\r\nWhile Allianz Life declined to answer questions about the threat actor and whether they were being extorted,\r\nBleepingComputer has learned that the attack is believed to have been conducted by the ShinyHunters extortion group.\r\nShinyHunters is a group of threat actors who are linked to multiple high-profile data breaches and attacks, including those\r\nagainst PowerSchool and the SnowFlake attacks, which impacted Santander, Ticketmaster, AT\u0026T, Advance Auto\r\nParts, Neiman Marcus, and Cylance.\r\nWhile multiple ShinyHunters members have been arrested over the past few years, including a recent arrest in France, the\r\nhacking group continues to conduct attacks.\r\nLast month, Mandiant warned that ShinyHunters had begun to target Salesforce CRM customers in social engineering\r\nattacks.\r\nDuring these attacks, the hackers impersonate IT support personnel, requesting the targeted employee accept a connection to\r\nSalesforce Data Loader, a client application that allows users to import, export, update, or delete data within Salesforce\r\nenvironments.\r\nOnce the connection is accepted, the threat actors use Salesforce Data Loader to exfiltrate data from Salesforce, which is\r\nthen used to extort the company.\r\nBleepingComputer asked Allianz Life if the CRM is Salesforce, but the spokesperson declined to comment.\r\nhttps://www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/\r\nhttps://www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/" ], "report_names": [ "allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers" ], "threat_actors": [ { "id": "c071c8cd-f854-4bad-b28f-0c59346ec348", "created_at": "2023-11-08T02:00:07.132524Z", "updated_at": "2026-04-10T02:00:03.422366Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "MISPGALAXY:ShinyHunters", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2", "created_at": "2025-10-24T02:04:50.086223Z", "updated_at": "2026-04-10T02:00:03.770068Z", "deleted_at": null, "main_name": "GOLD CRYSTAL", "aliases": [ "Scattered LAPSUS$ Hunters", "ShinyCorp", "ShinyHunters" ], "source_name": "Secureworks:GOLD CRYSTAL", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "d8dff631-87b0-4320-8352-becff28dbcf1", "created_at": "2022-10-25T16:07:24.565038Z", "updated_at": "2026-04-10T02:00:05.034516Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "ETDA:ShinyHunters", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434601, "ts_updated_at": 1775792099, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f7a608ca68511d16eef31d552dd4876c9a9cf4fe.pdf", "text": "https://archive.orkl.eu/f7a608ca68511d16eef31d552dd4876c9a9cf4fe.txt", "img": "https://archive.orkl.eu/f7a608ca68511d16eef31d552dd4876c9a9cf4fe.jpg" } }