
Allianz Life Insurance Company of North America (Allianz Life®) has been trusted since 1896 to help millions of Americans prepare for financial uncertainties and retirement with a variety of innovative risk management solutions. We are a leading provider of fixed index annuities, registered index-linked annuities, and indexed universal life insurance. Additionally, Allianz Investment Management LLC (AllianzIM), a registered investment adviser and wholly owned subsidiary of Allianz Life, advises a suite of exchange-traded funds (ETFs). Allianz Life and AllianzIM are part of Allianz SE, a global leader in the financial services industry with more than 157,000 employees in nearly 70 countries. Allianz is proud to be the Worldwide Insurance Partner of the Olympic and Paralympic Movements, and we offer a number of unique experiences to bring this partnership to life with our employees and business partners. As an employer, we want employees to do the best work of their careers here, and support continuous growth with career development and global opportunities. We also know that work is just one part of our employees’ lives, and that means we make sure that they have the time and resources to care for themselves and their families. We offer hybrid work arrangements and flexible scheduling, with strong, comprehensive benefits that start on an employee’s first day with the company. If you’re energetic, driven, and ready to join a team of dedicated professionals, consider a career at Allianz Life. If you have specific questions or concerns about the accessibility or our social media content, please contact us anytime at 651-229-3425. When contacting us, please be sure to specify the particular social post or page with which you need assistance. To view our Social Media terms of use, visit www.allianzlife.com/social-media.

Allianz Life A.I CyberSecurity Scoring

Allianz Life

Company Details

LinkedIn ID: allianz-life
Employees number: 3,861
Number of followers: 67,004
NAICS: 524
Industry Type: Insurance
Homepage: allianzlife.com
IP Addresses: 0
Company ID: ALL_2058725
Scan Status: In-progress

Allianz Life Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
Allianz Life Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Allianz Life Company CyberSecurity News & History

Past Incidents: 11
Attack Types: 3

Allianz Life Insurance Company of North America
Type: Breach
Severity: 50
Impact: 2
Seen: 4/2024
Rankiteo Explanation: Attack limited on finance or reputation

Description: On December 10, 2024, the Maine Office of the Attorney General reported a data breach involving Allianz Life Insurance Company of North America. The breach, which occurred on April 15, 2024, resulted in the inadvertent disclosure of information affecting 597 individuals, including 17 residents. Allianz Life has offered one year of identity monitoring services provided by Kroll.

Allianz Life Insurance Company of North America
Type: Breach
Severity: 85
Impact: 4
Seen: 7/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Hackers gained access to personal data on the majority of the 1.4 million customers of Allianz Life Insurance Company of North America. The data breach occurred on July 16 when a malicious threat actor gained access to a third-party, cloud-based system used by the company. The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life's customers, financial professionals, and select Allianz Life employees, using a social engineering technique. The company took immediate action to contain and mitigate the issue and notified the FBI. Allianz Life's own systems were not accessed, just the third-party's platform. The company has begun reaching out to the impacted individuals and will be offering those affected 24 months of identity theft protection and credit monitoring.

Allianz Life Insurance
Type: Breach
Severity: 85
Impact: 4
Seen: 6/2024
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Allianz Life Insurance experienced a significant **data breach** in early 2024, exposing the **sensitive personal information of approximately 1.5 million customers**. The incident involved unauthorized access to customer data, though the exact nature of the compromised information (e.g., financial records, Social Security numbers, or medical details) was not fully disclosed. Such breaches typically heighten risks of **identity theft, financial fraud, and reputational damage** for affected individuals. The scale of the breach—affecting over a million people—suggests systemic vulnerabilities in Allianz’s data security protocols. While the company likely initiated containment measures, the long-term consequences for customer trust and regulatory compliance (e.g., potential GDPR or state-level penalties) remain critical concerns. The breach underscores the growing threat landscape for insurance providers, which hold vast repositories of high-value personal data.

Allianz Life Insurance Company
Type: Breach
Severity: 85
Impact: 4
Seen: 7/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Allianz Life Insurance Company experienced a cyberattack on July 16, 2025, compromising the personal information of the majority of its 1.4 million customers. The attack targeted a third-party, cloud-based CRM system used by the insurer. The attackers employed social engineering techniques to gain unauthorized access to personally identifiable information belonging to customers, financial professionals, and select Allianz Life employees. The breach was discovered the following day, prompting immediate containment measures and notification to the FBI. The company emphasized that no other systems were compromised, including the critical policy administration system. This incident highlights the increasing sophistication of cyber threats in the insurance industry.

Allianz Life
Type: Breach
Severity: 85
Impact: 4
Seen: 10/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Allianz Life, an insurance company, disclosed a significant data breach affecting approximately **1.497 million customers, employees, and financial professionals** across North America. The breach occurred due to an attack on an unnamed third-party CRM provider, where unauthorized actors accessed sensitive personal data. Compromised information includes **names, addresses, dates of birth, and Social Security numbers (SSNs)**—highly valuable details for identity theft and fraud. The company confirmed the attackers targeted customer, staff, and financial professional records, though no immediate evidence of misuse was reported. Allianz Life responded by offering **two years of identity protection and credit monitoring services** to affected individuals. The breach underscores vulnerabilities in third-party vendor security, raising concerns about supply-chain risks in the financial sector.

Allianz Life
Type: Breach
Severity: 100
Impact: 5
Seen: 5/2025
Rankiteo Explanation: Attack threatening the organization’s existence

Description: Allianz Life, a financial services provider, suffered a significant data breach orchestrated by the cybercrime group **ShinyHunters** in collaboration with **Scattered Spider** and **Lapsus$**. The attack exploited **voice-based social engineering (vishing)**, where criminals impersonated IT helpdesk personnel to trick employees into divulging credentials and multi-factor authentication (MFA) codes. The breach resulted in the **public exposure of 2.8 million records**, including sensitive customer and corporate partner data hosted on **Salesforce**, a customer management platform. The leaked data likely included **personal and financial details**, exposing individuals to risks such as identity theft, fraud, and reputational harm. ShinyHunters publicly released the data on Telegram before the channel was shut down, amplifying the incident’s visibility. The group’s shift to **ransomware-as-a-service (RaaS)**—partnering with other threat actors—suggests escalating tactics, increasing the potential for future extortion or secondary attacks. Allianz Life’s breach underscores vulnerabilities in **third-party cloud providers** and the growing sophistication of **AI-driven social engineering**, where deepfake voice cloning evades traditional detection methods. The incident erodes trust in the company’s data security practices and may trigger regulatory scrutiny, financial penalties, or customer attrition.

Allianz Life
Type: Cyber Attack
Severity: 85
Impact: 4
Seen: 7/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Allianz Life confirmed a data breach where a threat actor gained access to a third-party, cloud-based CRM system, exposing personal information of the majority of its 1.4 million customers, financial professionals, and select employees. The breach occurred through a social engineering technique, and the company took immediate action to mitigate the issue. The investigation is ongoing, and the attack is believed to have been conducted by the ShinyHunters extortion group.

Allianz Life
Type: Cyber Attack
Severity: 85
Impact: 4
Seen: 8/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Allianz Life recently confirmed a cyberattack in which criminals stole data on around 1.4 million customers. The stolen data includes names, addresses, dates of birth, and Social Security numbers (SSNs). The company has filed forms with the Attorney General's office in Texas and Massachusetts, confirming the data breach. Although the company took measures to contain the intrusion and notified the FBI, there is no evidence that other systems were accessed. The company will begin notifying affected individuals on August 1. The theft of SSNs is particularly concerning as it can lead to identity theft, fraud, and other criminal activities.

Allianz Life Insurance Company of North America
Type: Cyber Attack
Severity: 85
Impact: 4
Seen: 7/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: In July 2025, Allianz Life Insurance Company of North America suffered a **cyberattack** targeting a **third-party cloud-based CRM system**, exposing the **sensitive personal data of 1.5 million individuals** (1,497,036 confirmed) across the U.S. The breach, linked to the **ShinyHunters extortion group**, involved a **social engineering campaign** where attackers impersonated IT personnel to gain unauthorized remote access via Salesforce’s Data Loader tool. Compromised data includes **names, addresses, dates of birth, and Social Security numbers**, with **1.1 million email addresses** already surfacing on the dark web (72% tied to prior breaches), heightening risks of **credential stuffing, phishing, and identity theft**. The company confirmed its **core systems and internal networks remained unaffected**, but the CRM breach enabled large-scale **customer data exfiltration**. Allianz Life notified the FBI, launched an investigation, and offered **two years of free identity monitoring (Kroll)** to victims. While no ransom demands were confirmed, the incident underscores vulnerabilities in **third-party vendor security** and the escalating threat of **targeted extortion campaigns**. Customers were advised to monitor financial accounts, enable **multi-factor authentication (MFA)**, and consider **credit freezes** to mitigate fraud risks.

Allianz Life
Type: Cyber Attack
Severity: 85
Impact: 4
Seen: 7/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: In late July, Allianz Life, a U.S.-based insurance firm, suffered a cyberattack that compromised the personal data of **1.1 million customers**, including names, addresses, phone numbers, and emails. The breach affected a significant portion of its **1.4 million U.S. customers**, along with financial professionals and select employees. While the company’s investigation remains ongoing, it has committed to providing **two years of identity monitoring services** to impacted individuals as a remedial measure. The incident is part of a growing trend of high-profile cyberattacks targeting major corporations, underscoring vulnerabilities in data security. Although no financial or highly sensitive information (e.g., Social Security numbers, medical records) was explicitly mentioned as stolen, the exposure of **personally identifiable information (PII)** poses risks of identity theft, phishing, and fraud. Allianz Life has not disclosed the attack vector, but the scale and nature of the breach suggest a **sophisticated intrusion**, potentially involving credential theft or exploitation of system vulnerabilities. The company’s response includes mitigation efforts, but the long-term reputational and operational impacts—such as customer trust erosion and potential regulatory scrutiny—remain uncertain. The breach aligns with broader industry challenges, as seen in recent attacks on **UnitedHealth Group (192.7M records)** and **Microsoft (100+ organizations)**, highlighting systemic cybersecurity gaps in critical sectors.

Allianz Life
Type: Ransomware
Severity: 100
Impact: 5
Seen: 8/2025
Rankiteo Explanation: Attack threatening the organization's existence

Description: Cybercriminals associated with the ShinyHunters, Scattered Spider, and Lapsus$ threat groups leaked **2.8 million stolen records**—including names, addresses, phone numbers, dates of birth, Tax Identification Numbers, and Social Security numbers—of **1.4 million Allianz Life customers and business partners** on a Telegram channel. The data was exfiltrated during a **ransomware attack** targeting Salesforce instances, with the attackers opting to publish the information after Allianz Life likely refused to pay or negotiations failed. The exposed details enable highly targeted phishing, identity theft, financial fraud (e.g., unauthorized loans, credit cards, tax returns), and even medical or employment fraud. The breach also heightens risks of follow-on attacks, such as wire fraud or secondary ransomware campaigns, due to the depth of personal data compromised.


Underwriter Stats for Allianz Life

Incidents vs Insurance Industry Average (This Year)

Allianz Life has 1243.28% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Allianz Life has 1306.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types Allianz Life vs Insurance Industry Avg (This Year)

Allianz Life reported 9 incidents this year: 4 cyber attacks, 1 ransomware, 0 vulnerabilities, 4 data breaches, compared to industry peers with at least 1 incident.

Incident History — Allianz Life (X = Date, Y = Severity)

Allianz Life cyber incidents detection timeline including parent company and subsidiaries


Allianz Life Similar Companies

GEICO

GEICO (Government Employees Insurance Company) offers a variety of insurance such as vehicle, property, business, life, umbrella, travel, pet, jewelry and more. The company, which was founded in 1936, is the third-largest auto insurer in the United States and insures vehicles in all 50 states an

USI Insurance Services

USI is one of the largest insurance brokerage and consulting firms in the world, delivering property and casualty, employee benefits, personal risk, program and retirement solutions to large risk management clients, middle market companies, smaller firms and individuals. Headquartered in Valhalla, N

Aviva

💛 We're a leading Insurance, Wealth & Retirement business. 📣 Follow for #LifeAtAviva. Aviva is nothing without our people. Living up to our purpose to be with you today for a better tomorrow applies to those we work with just as much as it does to our customers. We want Aviva to be a pla

Rosgosstrakh

RGS operates nationwide with over 2,500 branches, agencies and over 400 claims-handling offices covering every one of Russia's 86 regions - from Kaliningrad on the Baltic Sea in the West to Kamchatka on the Pacific Ocean in the Far East, and from Murmansk on the Barents Sea to Sochi (2014 Winter Oly

Tokio Marine Group

Tokio Marine Group is a global insurance group that provides safety and security to customers worldwide. The Group consists of Tokio Marine Holdings and over 250 subsidiaries and 26 affiliates located in more than 480 cities in 46 countries and regions worldwide, operating extensively in the non-li

Sunshine Insurance Group

Established in July 2005, Sunshine Insurance Group has experienced sustainable development, now ranking among the Top 7 insurance groups in China, with an annual business income of $12.6 billion in 2016. Sunshine is composed of Property and Casualty Insurance, Life Insurance, Credit and Guarantee In

Gruppo Unipol

Unipol Group is one of the leading insurance groups in Europe and the leader in Italy in Non-Life business (particularly in Motor and Health), with total premium income of 15.1 billion euros, including 8.7 billion in Non-Life business and 6.4 billion in Life business (2023 figures). Unipol adopts an

AAA-The Auto Club Group

AAA - The Auto Club Group (ACG) is the second largest AAA club in North America, serving more than 13+ million members across 14 U.S. states, the province of Quebec, Puerto Rico, and the U.S. Virgin Islands. For over 100 years, AAA has provided safety, security, and peace of mind. ACG advances AAA’

Talanx

Talanx is one of the major European insurance groups. Under the HDI brand it operates both in Germany and abroad in industrial insurance as well as retail business. Further Group brands include Hannover Re, one of the world’s leading reinsurers, Targo insurers, LifeStyle Protection and neue leben, t

Allianz Life CyberSecurity News

October 02, 2025 07:00 AM
Toll of separate breaches at Allianz Life, Motility exceeds 2M

More than 2 million individuals had their data compromised as a result of separate breaches at leading U.S. life insurance firm Allianz Life...

October 02, 2025 07:00 AM
1.5 Million Impacted by Allianz Life Data Breach

Allianz Life Insurance Company of North America is notifying 1.5 million people that their personal information was stolen in a data breach.

October 02, 2025 07:00 AM
Allianz Life Under Fire After Data Breach Affects Nearly 1.5 Million

Allianz Life confirms data breach impacted 1.5 million. Lawsuits filed over delayed response and exposed personal information.

October 02, 2025 07:00 AM
Allianz Life reveals almost 1.5m impacted by July data breach

Almost 1.5 million people were impacted by the data breach affecting Allianz Life earlier this year, according to findings by the company.

October 02, 2025 07:00 AM
North American breaches loom, Outlook bug needs Microsoft support, Air Force admits SharePoint issue

Breaches set for North America, Outlook bug needs Microsoft support, Air Force admits SharePoint issue. Cyber Security Headlines.

October 01, 2025 07:00 AM
Allianz Life Data Breach Exposes Personal Records of 1.5 Million Users

Allianz Life Insurance Company of North America has reported a significant data security incident that has exposed the sensitive personal...

October 01, 2025 07:00 AM
3.7M breach notification letters set to flood North America's mailboxes

A trio of companies disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America.

October 01, 2025 07:00 AM
Allianz Life says July data breach impacts 1.5 million people

Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are...

October 01, 2025 07:00 AM
Allianz Life July Data Breach Impacted 1.5 Million Customers

Allianz Life Insurance is notifying 1.5 million individuals across the US that their personal data was compromised in a July 2025...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Allianz Life CyberSecurity History Information

Official Website of Allianz Life

The official website of Allianz Life is http://www.allianzlife.com.

Allianz Life’s AI-Generated Cybersecurity Score

According to Rankiteo, Allianz Life’s AI-generated cybersecurity score is 100, reflecting their Critical security posture.

How many security badges does Allianz Life have?

According to Rankiteo, Allianz Life currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Allianz Life have SOC 2 Type 1 certification ?

According to Rankiteo, Allianz Life is not certified under SOC 2 Type 1.

Does Allianz Life have SOC 2 Type 2 certification ?

According to Rankiteo, Allianz Life does not hold a SOC 2 Type 2 certification.

Does Allianz Life comply with GDPR ?

According to Rankiteo, Allianz Life is not listed as GDPR compliant.

Does Allianz Life have PCI DSS certification ?

According to Rankiteo, Allianz Life does not currently maintain PCI DSS compliance.

Does Allianz Life comply with HIPAA ?

According to Rankiteo, Allianz Life is not compliant with HIPAA regulations.

Does Allianz Life have ISO 27001 certification ?

According to Rankiteo, Allianz Life is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Allianz Life

Allianz Life operates primarily in the Insurance industry.

Number of Employees at Allianz Life

Allianz Life employs approximately 3,861 people worldwide.

Subsidiaries Owned by Allianz Life

Allianz Life presently has no subsidiaries across any sectors.

Allianz Life’s LinkedIn Followers

Allianz Life’s official LinkedIn profile has approximately 67,004 followers.

NAICS Classification of Allianz Life

Allianz Life is classified under the NAICS code 524, which corresponds to Insurance Carriers and Related Activities.

Allianz Life’s Presence on Crunchbase

No, Allianz Life does not have a profile on Crunchbase.

Allianz Life’s Presence on LinkedIn

Yes, Allianz Life maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/allianz-life.

Cybersecurity Incidents Involving Allianz Life

As of November 27, 2025, Rankiteo reports that Allianz Life has experienced 11 cybersecurity incidents.

Number of Peer and Competitor Companies

Allianz Life has an estimated 14,861 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Allianz Life ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Breach and Cyber Attack.

How does Allianz Life detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through: communication strategy (notifications to affected individuals within 30 days); containment measures (immediate action to contain and mitigate the issue); recovery measures (offering 24 months of identity theft protection and credit monitoring); communication strategy (notifying impacted individuals); law enforcement notified (FBI notified); containment measures (immediate action to contain and mitigate the issue); communication strategy (process of reaching out to individuals impacted with dedicated resources); law enforcement notified (FBI); containment measures (measures to contain the intrusion); communication strategy (notifying affected individuals); third-party assistance (Kroll); communication strategy (public advisory via media reports; encouraging customers to check exposure via HaveIBeenPwned and Google Password Checkup); incident response plan activated (yes, investigation ongoing); remediation measures (two years of identity monitoring services for impacted individuals); communication strategy (breach notification via Have I Been Pwned; spokesperson declined further comment during investigation); communication strategy (Google security advisory to 2.5B users); third-party assistance (forensic investigators, implied); remediation measures (identity protection and credit monitoring services: Allianz 2 years, WestJet 2 years, Motility 12 months); communication strategy (public disclosures via Maine AG filings, customer notifications, advisories to exercise caution); third-party assistance (cybersecurity experts, unnamed; Kroll for identity monitoring services); law enforcement notified (FBI); containment measures (isolation of compromised third-party CRM; internal investigation); recovery measures (customer notifications, began 2025-08-01; offer of 2 years of complimentary identity monitoring through Kroll); communication strategy (Maine Attorney General’s Office filing; direct customer notifications; public advisory on protective measures); and communication strategy (public disclosure of the breach).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Allianz Life Insurance Company Data Breach

Description: Hackers compromised the personal information of the majority of Allianz Life's 1.4 million customers following a sophisticated cyberattack on July 16, 2025.

Date Detected: 2025-07-16

Date Publicly Disclosed: 2025-07-17

Type: Data Breach

Attack Vector: Social Engineering

Vulnerability Exploited: Human Psychology

Threat Actor: Scattered Spider (UNC3944, Octo Tempest)

Motivation: Unauthorized access to personally identifiable information

Incident : Data Breach

Title: Allianz Life Data Breach

Description: Hackers gained access to personal data on the majority of the 1.4 million customers of Allianz Life Insurance Company of North America through a third-party, cloud-based system using a social engineering technique.

Date Detected: 2023-07-17

Date Publicly Disclosed: 2023-07-22

Type: Data Breach

Attack Vector: Social Engineering

Threat Actor: Malicious Threat Actor

Incident : Data Breach

Title: Allianz Life Data Breach

Description: Allianz Life Insurance Company of North America experienced a data breach where the personal information of the majority of its 1.4 million customers was exposed due to a malicious threat actor gaining access to a third-party, cloud-based CRM system.

Date Detected: 2025-07-16

Type: Data Breach

Attack Vector: Social Engineering

Threat Actor: ShinyHunters

Motivation: Data Exfiltration

Incident : Data Breach

Title: Allianz Life Data Breach

Description: Criminals stole data on around 1.4 million customers, including names, addresses, and SSNs.

Type: Data Breach

Attack Vector: Third-party cloud-based CRM system

Motivation: Data theft

Incident : Data Breach

Title: Data Breach at Allianz Life Insurance Company of North America

Description: A data breach occurred at Allianz Life Insurance Company of North America, resulting in the inadvertent disclosure of information affecting 597 individuals, including 17 residents.

Date Detected: 2024-04-15

Date Publicly Disclosed: 2024-12-10

Type: Data Breach

Incident : Data Breach

Title: Allianz Life Data Leak via Telegram by ShinyHunters, Scattered Spider, and Lapsu$

Description: Cybercriminals leaked stolen data from Allianz Life in a Telegram channel, exposing almost 3 million records from over 1.4 million customers and business partners. The leaked data includes names, addresses, phone numbers, dates of birth, Tax Identification Numbers, and Social Security Numbers. The attack was part of a broader campaign targeting Salesforce instances, with the same threat actors linked to attacks on Internet Archive, Pearson, and Coinbase. The data was published after Allianz Life likely refused to pay the ransom or negotiations failed.

Type: Data Breach

Attack Vector: Exploitation of Salesforce Instances, Data Exfiltration

Threat Actor: ShinyHunters, Scattered Spider, Lapsu$

Motivation: Financial Gain, Extortion, Data Theft for Resale or Fraud

Incident : Data Breach

Title: Cyberattack on Allianz Life Compromises Personal Data of 1.1 Million Customers

Description: A cyberattack at U.S. insurance firm Allianz Life in late July compromised the personal data of 1.1 million customers. The hacked information includes names, addresses, phone numbers, and emails of customers. Allianz Life is providing two years of identity monitoring services to impacted individuals. The breach is part of a broader wave of high-profile cyberattacks targeting global companies, including Microsoft and UnitedHealth Group.

Date Detected: Late July 2024

Date Publicly Disclosed: 2024-08-12

Type: Data Breach

Incident : Data Breach

Title: ShinyHunters Data Breach via Salesforce Using Vishing Tactics

Description: Cyber crime group ShinyHunters targeted Salesforce, a customer management platform, using voice-based social engineering (vishing) tactics, including deepfake and AI-cloned voices. The breach prompted Google to urge 2.5 billion users to tighten security. The group, in collaboration with Scattered Spider and Lapsus$, publicly released 2.8 million data records from Allianz Life's Salesforce database, affecting individual customers and corporate partners. ShinyHunters has shifted tactics from exploiting cloud vulnerabilities to social engineering, expanding their attack surface.

Date Publicly Disclosed: 2024-08-mid

Type: Data Breach

Attack Vector: Voice Phishing (Vishing), Deepfake Voice Cloning, AI-Generated Voice Spoofing, Social Engineering (IT Helpdesk Impersonation), Multi-Factor Authentication (MFA) Bypass

Vulnerability Exploited: Human Trust Vulnerability, Lack of Phishing-Resistant MFA, Insufficient Employee Training on Vishing

Threat Actor: ShinyHunters; Scattered Spider (UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, Muddled Libra); Lapsus$

Motivation: Financial Gain, Reputational Damage, Data Theft for Resale

Incident : Data Breach

Title: Data Breaches Affecting 3.7 Million Customers Across Allianz Life, WestJet, and Motility Software Solutions

Description: A trio of companies—Allianz Life, WestJet, and Motility Software Solutions—disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America. The incidents involved unauthorized access to third-party CRM providers, ransomware attacks, and data exfiltration by threat actors, including the Scattered Spider group. Personal data such as names, addresses, SSNs, and driver’s license numbers were compromised. All three companies offered identity protection and credit monitoring services to affected individuals.

Date Publicly Disclosed: 2023-10-XX (exact dates vary per company)

Type: Data Breach

Attack Vector: Third-party CRM compromise, Malware deployment (ransomware), Unauthorized access

Threat Actor: Scattered Spider (WestJet), Unnamed actor (Allianz Life), Unnamed actor (Motility Software Solutions)

Motivation: Data Theft, Financial Gain (likely)

Incident : Data Breach

Title: Allianz Life Insurance Data Breach via Third-Party CRM Compromise (July 2025)

Description: Allianz Life Insurance Company of North America experienced a cyberattack in July 2025, resulting in the exposure of sensitive personal data of 1.5 million individuals across the U.S. The breach originated from a compromise of a third-party cloud-based CRM system, facilitated by a targeted social engineering campaign. Attackers, likely linked to the ShinyHunters extortion group, impersonated IT personnel to gain unauthorized remote access via Salesforce’s Data Loader tool. While Allianz Life’s core systems remained unaffected, the incident led to the exfiltration of names, addresses, dates of birth, and Social Security numbers. Over 1.1 million compromised email addresses have surfaced on the dark web, raising concerns about credential stuffing and phishing risks. Allianz Life notified the FBI, launched an investigation, and offered affected individuals two years of complimentary identity monitoring and credit protection services through Kroll.

Date Detected: 2025-07-17

Date Publicly Disclosed: 2025-08-01

Type: Data Breach

Attack Vector: Social Engineering, Impersonation (IT Personnel), Unauthorized Remote Access, Exploitation of Salesforce Data Loader Tool

Vulnerability Exploited: Human Error (Social Engineering Susceptibility), Third-Party CRM Security Weaknesses

Threat Actor: ShinyHunters (suspected)

Motivation: Data Theft, Extortion (potential, unconfirmed)

Incident : Data Breach

Title: Allianz Life Data Breach Impacting 1.5 Million Customers

Description: Allianz Life Insurance confirmed a data security incident that compromised the sensitive personal data of nearly 1.5 million individuals earlier this year.

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-party, cloud-based CRM system, Third-party Cloud-based System, Third-party, cloud-based CRM system, Third-party cloud-based CRM system, Likely via compromised Salesforce instances, IT Helpdesk Impersonation via Vishing Calls, Third-party CRM provider (Allianz Life) and Third-Party Cloud-Based CRM System (via Social Engineering).

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach ALL547072725

Data Compromised: Personally identifiable information

Systems Affected: Third-party, cloud-based CRM system

Incident : Data Breach ALL548072725

Data Compromised: Personally identifiable information

Systems Affected: Third-party Cloud-based System

Identity Theft Risk: True

Incident : Data Breach ALL550072725

Data Compromised: Personally Identifiable Information

Systems Affected: Third-party, cloud-based CRM system

Incident : Data Breach ALL832080125

Data Compromised: Full names, Postal addresses, Dates of birth, Social Security numbers (SSNs)

Systems Affected: Third-party cloud-based CRM system

Identity Theft Risk: High

Incident : Data Breach ALL841080425

Data Compromised: Personal Information

Incident : Data Breach ALL316081425

Data Compromised: Names, Addresses, Phone numbers, Dates of birth, Tax identification numbers, Social security numbers, Business partner records

Systems Affected: Salesforce Instances

Brand Reputation Impact: High (Sensitive customer data exposed, risk of identity theft and fraud)

Identity Theft Risk: High (Sufficient data for impersonation, phishing, financial fraud, and tax fraud)

Incident : Data Breach ALL538082025

Data Compromised: Names, Addresses, Phone numbers, Emails

Brand Reputation Impact: Potential negative impact due to high-profile breach

Identity Theft Risk: High (personal data exposed)

Incident : Data Breach ALL505090325

Data Compromised: Customer records, Corporate partner data

Systems Affected: Salesforce Customer Management Platform

Operational Impact: Loss of Customer Trust, Increased Security Scrutiny

Brand Reputation Impact: Severe (Public Data Dump, Extortion Messages)

Identity Theft Risk: High (PII Exposed in 2.8M Records)

Incident : Data Breach ALL2292722100125

Systems Affected: CRM systems (Allianz Life), Online services and mobile app (WestJet), Internal systems (Motility Software Solutions)

Downtime: Interruptions in WestJet’s online services and mobile app

Operational Impact: WestJet: No impact on safety/integrity of operations; Motility: Restricted access to internal data due to encryption

Brand Reputation Impact: Potential reputational damage for all three companies

Identity Theft Risk: High (SSNs, driver’s license numbers, and other PII exposed)

Payment Information Risk: WestJet confirmed credit/debit card numbers, expiry dates, CVVs, and passwords were *not* compromised

Incident : Data Breach ALL2592725100125

Data Compromised: Names, Addresses, Dates of birth, Social security numbers, Email addresses

Systems Affected: Third-Party Cloud-Based CRM System

Operational Impact: Limited to Third-Party CRM; Core Policy Administration Systems Untouched

Brand Reputation Impact: Potential Reputation Damage Due to Large-Scale Data Exposure

Identity Theft Risk: High (Due to Exposure of SSNs and PII)

Incident : Data Breach ALL0033200100325

Data Compromised: Sensitive personal data

Brand Reputation Impact: Potential negative impact due to exposure of 1.5 million customers' data

Identity Theft Risk: High (sensitive personal data compromised)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information, Personally Identifiable Information, Personally Identifiable Information, Full Names, Postal Addresses, Dates of Birth, Social Security Numbers (SSNs), Personal Information, Personally Identifiable Information (PII), Financial Identification Data (Tax IDs, SSNs), Contact Information, Business Partner Data, Personal Information, Personally Identifiable Information (PII), Personally Identifiable Information (PII), Corporate Partner Data, Names, Addresses, Dates of Birth, SSNs (Allianz Life), Names, Contact Details, Reservation/Travel Documents, Relationship Data (WestJet), Full Names, Home/Email Addresses, Phone Numbers, Dates of Birth, SSNs, Driver’s License Numbers (Motility), Personally Identifiable Information (PII), Sensitive Personal Data, and Sensitive Personal Data.

Which entities were affected by each incident ?

Incident : Data Breach ALL547072725

Entity Name: Allianz Life Insurance Company

Entity Type: Insurance Provider

Industry: Insurance

Location: Minneapolis, USA

Size: 1.4 million customers

Customers Affected: Majority of 1.4 million customers

Incident : Data Breach ALL548072725

Entity Name: Allianz Life Insurance Company of North America

Entity Type: Insurance Company

Industry: Insurance

Location: Minneapolis, Minnesota, USA

Size: Nearly 2,000 employees

Customers Affected: Majority of 1.4 million customers

Incident : Data Breach ALL550072725

Entity Name: Allianz Life Insurance Company of North America

Entity Type: Insurance Company

Industry: Financial Services

Location: North America

Size: 1.4 million customers

Customers Affected: Majority of 1.4 million customers

Incident : Data Breach ALL832080125

Entity Name: Allianz Life

Entity Type: Insurance Company

Industry: Insurance

Customers Affected: 1.4 million

Incident : Data Breach ALL841080425

Entity Name: Allianz Life Insurance Company of North America

Entity Type: Insurance Company

Industry: Insurance

Customers Affected: 597

Incident : Data Breach ALL316081425

Entity Name: Allianz Life

Entity Type: Insurance Company

Industry: Financial Services / Insurance

Size: 1.4 million customers affected

Customers Affected: 1.4 million (majority of customer base)

Incident : Data Breach ALL316081425

Entity Name: Salesforce (indirectly, as platform)

Entity Type: Cloud Services Provider

Industry: Technology

Incident : Data Breach ALL316081425

Entity Name: Business Partners of Allianz Life

Entity Type: Corporate Entities

Customers Affected: Included in 2.8 million records

Incident : Data Breach ALL538082025

Entity Name: Allianz Life

Entity Type: Insurance Firm

Industry: Insurance

Location: United States

Size: 1.4 million customers (U.S.)

Customers Affected: 1.1 million

Incident : Data Breach ALL505090325

Entity Name: Salesforce

Entity Type: Customer Relationship Management (CRM) Platform

Industry: Technology/Cloud Services

Location: Global

Size: Enterprise

Customers Affected: 2.5 billion (Google advisory) + 2.8 million (Allianz Life records)

Incident : Data Breach ALL505090325

Entity Name: Allianz Life

Entity Type: Insurance Provider

Industry: Financial Services

Location: Global (HQ: Germany/USA)

Size: Enterprise

Customers Affected: 2.8 million

Incident : Data Breach ALL505090325

Entity Name: Google

Entity Type: Technology Company

Industry: Internet Services

Location: Global

Size: Enterprise

Customers Affected: 2.5 billion (security advisory)

Incident : Data Breach ALL505090325

Entity Name: Qantas

Entity Type: Airline

Industry: Aviation

Location: Australia

Size: Enterprise

Incident : Data Breach ALL505090325

Entity Name: Pandora

Entity Type: Jewelry Retailer

Industry: Retail

Location: Global

Size: Enterprise

Incident : Data Breach ALL505090325

Entity Name: Adidas

Entity Type: Sportswear Manufacturer

Industry: Retail

Location: Global

Size: Enterprise

Incident : Data Breach ALL505090325

Entity Name: Chanel

Entity Type: Luxury Fashion

Industry: Retail

Location: Global

Size: Enterprise

Incident : Data Breach ALL505090325

Entity Name: Tiffany & Co.

Entity Type: Luxury Jewelry

Industry: Retail

Location: Global

Size: Enterprise

Incident : Data Breach ALL505090325

Entity Name: Cisco

Entity Type: Networking Hardware

Industry: Technology

Location: Global

Size: Enterprise

Incident : Data Breach ALL505090325

Entity Name: AT&T

Entity Type: Telecommunications

Industry: Telecom

Location: USA

Size: Enterprise

Customers Affected: 73 million (2021 breach)

Incident : Data Breach ALL2292722100125

Entity Name: Allianz Life

Entity Type: Insurance Company

Industry: Financial Services

Location: North America (primarily U.S.)

Customers Affected: 1,497,036

Incident : Data Breach ALL2292722100125

Entity Name: WestJet

Entity Type: Airline

Industry: Aviation/Transportation

Location: Canada (affected U.S. customers: 1.2 million)

Customers Affected: 1,200,000 (U.S. customers only; total not specified)

Incident : Data Breach ALL2292722100125

Entity Name: Motility Software Solutions

Entity Type: Software Provider

Industry: Automotive (RV/powersports dealerships)

Location: Ohio, U.S.

Customers Affected: 766,670

Incident : Data Breach ALL2592725100125

Entity Name: Allianz Life Insurance Company of North America

Entity Type: Subsidiary

Industry: Financial Services, Insurance

Location: Minneapolis, Minnesota, USA

Size: Large (Subsidiary of Allianz SE, Serving 128M+ Customers Globally)

Customers Affected: 1,497,036 individuals

Incident : Data Breach ALL0033200100325

Entity Name: Allianz Life Insurance

Entity Type: Insurance Company

Industry: Financial Services / Insurance

Customers Affected: 1,500,000

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach ALL547072725

Communication Strategy: Notifications to affected individuals within 30 days

Incident : Data Breach ALL548072725

Incident Response Plan Activated: True

Containment Measures: Immediate action to contain and mitigate the issue

Recovery Measures: Offering 24 months of identity theft protection and credit monitoring

Communication Strategy: Notifying impacted individuals

Incident : Data Breach ALL550072725

Law Enforcement Notified: FBI notified

Containment Measures: Immediate action to contain and mitigate the issue

Communication Strategy: Process of reaching out to individuals impacted with dedicated resources

Incident : Data Breach ALL832080125

Law Enforcement Notified: FBI

Containment Measures: Measures to contain the intrusion

Communication Strategy: Notifying affected individuals

Incident : Data Breach ALL841080425

Third Party Assistance: Kroll

Incident : Data Breach ALL316081425

Communication Strategy: Public Advisory (via media reports), Encouraging customers to check exposure via HaveIBeenPwned and Google Password Checkup

Incident : Data Breach ALL538082025

Incident Response Plan Activated: Yes (investigation ongoing)

Remediation Measures: Two years of identity monitoring services for impacted individuals

Communication Strategy: Breach notification via Have I Been Pwned; spokesperson declined further comment during investigation

Incident : Data Breach ALL505090325

Communication Strategy: Google Security Advisory to 2.5B Users

Incident : Data Breach ALL2292722100125

Incident Response Plan Activated: True

Third Party Assistance: Forensic Investigators (Implied)

Remediation Measures: Identity protection and credit monitoring services (Allianz: 2 years; WestJet: 2 years; Motility: 12 months)

Communication Strategy: Public disclosures (Maine AG filings), customer notifications, advisories to exercise caution

Incident : Data Breach ALL2592725100125

Incident Response Plan Activated: True

Third Party Assistance: Cybersecurity Experts (Unnamed), Kroll (Identity Monitoring Services)

Law Enforcement Notified: FBI

Containment Measures: Isolation of Compromised Third-Party CRM, Internal Investigation

Recovery Measures: Customer Notifications (Began 2025-08-01), Offer of 2 Years of Complimentary Identity Monitoring (Kroll)

Communication Strategy: Maine Attorney General’s Office Filing, Direct Customer Notifications, Public Advisory on Protective Measures

Incident : Data Breach ALL0033200100325

Communication Strategy: Public disclosure of the breach

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes (investigation ongoing).

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Kroll, Forensic investigators (implied), Cybersecurity Experts (Unnamed), and Kroll (Identity Monitoring Services).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach ALL547072725

Type of Data Compromised: Personally Identifiable Information

Number of Records Exposed: Majority of 1.4 million

Sensitivity of Data: High

Incident : Data Breach ALL548072725

Type of Data Compromised: Personally identifiable information

Number of Records Exposed: Majority of 1.4 million customers

Sensitivity of Data: High

Incident : Data Breach ALL550072725

Type of Data Compromised: Personally Identifiable Information

Number of Records Exposed: Majority of 1.4 million customers

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : Data Breach ALL832080125

Type of Data Compromised: Full names, Postal addresses, Dates of birth, Social Security numbers (SSNs)

Number of Records Exposed: 1.4 million

Sensitivity of Data: High

Personally Identifiable Information: Full names, Postal addresses, Dates of birth, Social Security numbers (SSNs)

Incident : Data Breach ALL841080425

Type of Data Compromised: Personal Information

Number of Records Exposed: 597

Incident : Data Breach ALL316081425

Type of Data Compromised: Personally identifiable information (PII), Financial identification data (Tax IDs, SSNs), Contact information, Business partner data

Number of Records Exposed: 2.8 million

Sensitivity of Data: High (Includes SSNs, Tax IDs, and full PII for identity theft)

Data Exfiltration: Yes (via Telegram channel)

Personally Identifiable Information: Names, Addresses, Phone Numbers, Dates of Birth, Tax Identification Numbers, Social Security Numbers

Incident : Data Breach ALL538082025

Type of Data Compromised: Personal information, Personally identifiable information (PII)

Number of Records Exposed: 1,100,000

Sensitivity of Data: High (PII including names, addresses, phone numbers, emails)

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : Data Breach ALL505090325

Type of Data Compromised: Personally identifiable information (PII), Corporate partner data

Number of Records Exposed: 2.8 million (Allianz Life) + 73 million (AT&T, 2021)

Sensitivity of Data: High

Data Exfiltration: Yes (Publicly Released on Telegram)

Personally Identifiable Information: Yes

Incident : Data Breach ALL2292722100125

Type of Data Compromised: Names, addresses, dates of birth, SSNs (Allianz Life); Names, contact details, reservation/travel documents, relationship data (WestJet); Full names, home/email addresses, phone numbers, dates of birth, SSNs, driver’s license numbers (Motility)

Number of Records Exposed: 3,700,000+ (aggregated across all three companies)

Sensitivity of Data: High (PII including SSNs and driver’s license numbers)

Data Encryption: Motility: Files encrypted by ransomware before exfiltration

Incident : Data Breach ALL2592725100125

Type of Data Compromised: Personally identifiable information (PII), Sensitive personal data

Number of Records Exposed: 1,497,036

Sensitivity of Data: High (Includes SSNs, Dates of Birth, Email Addresses)

Personally Identifiable Information: Names, Addresses, Dates of Birth, Social Security Numbers, Email Addresses

Incident : Data Breach ALL0033200100325

Type of Data Compromised: Sensitive personal data

Number of Records Exposed: 1,500,000

Sensitivity of Data: High

Personally Identifiable Information: Yes

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Two years of identity monitoring services for impacted individuals, and Identity protection and credit monitoring services (Allianz: 2 years; WestJet: 2 years; Motility: 12 months).

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through immediate action to contain and mitigate the issue, measures to contain the intrusion, isolation of the compromised third-party CRM, and internal investigation.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach ALL316081425

Ransom Paid: Likely not paid (data leaked)

Data Exfiltration: Yes

Incident : Data Breach ALL505090325

Data Exfiltration: Yes (via Vishing & Cloud Access)

Incident : Data Breach ALL2292722100125

Data Encryption: Motility: Partial encryption of internal systems

Data Exfiltration: Motility: Limited files removed pre-encryption

Incident : Data Breach ALL2592725100125

Data Exfiltration: Yes

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through offering 24 months of identity theft protection and credit monitoring, customer notifications (began 2025-08-01), and an offer of 2 years of complimentary identity monitoring (Kroll).

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach ALL547072725

Regulations Violated: Maine’s data breach notification law

Regulatory Notifications: Maine’s attorney general

Incident : Data Breach ALL548072725

Regulatory Notifications: Maine Attorney General's Office

Incident : Data Breach ALL550072725

Regulatory Notifications: Mandatory filing with Maine's Attorney General's Office

Incident : Data Breach ALL832080125

Regulatory Notifications: Attorney General’s office in Texas and Massachusetts

Incident : Data Breach ALL2292722100125

Regulatory Notifications: Filed with Maine Attorney General’s Office (all three companies)

Incident : Data Breach ALL2592725100125

Regulatory Notifications: Maine Attorney General’s Office

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach ALL316081425

Lessons Learned: Ransomware groups may leak data even if ransom is paid; assume worst-case scenarios in response planning. Salesforce instances can be high-value targets for mass data exfiltration. Proactive customer communication and tools (e.g., HaveIBeenPwned) are critical for mitigating post-breach risks. Multi-factor authentication and password hygiene are essential to prevent downstream phishing/identity theft.

Incident : Data Breach ALL505090325

Lessons Learned: Vishing attacks leveraging deepfake/AI voice cloning are increasingly effective and difficult to detect. Collaboration between cybercrime groups (e.g., ShinyHunters, Scattered Spider, Lapsus$) amplifies threat capabilities. Targeting cloud platforms like Salesforce enables access to multiple victims' data in a single breach. Traditional MFA methods (e.g., SMS codes) are vulnerable to social engineering; phishing-resistant MFA (e.g., number matching, geo-verification) is critical. Employee training must include scenario-based vishing simulations to improve detection rates.

What recommendations were made to prevent future incidents ?

Incident : Data Breach ALL547072725

Recommendations: Enhanced cybersecurity measures across the insurance industry

Incident : Data Breach ALL316081425

Recommendations: Monitor dark web/Telegram channels for further leaks. Offer credit monitoring/identity theft protection to affected customers. Conduct a forensic audit of Salesforce and related systems. Implement stricter access controls and anomaly detection for cloud platforms. Educate customers on phishing risks and fraud prevention.

Incident : Data Breach ALL505090325

Recommendations: Implement phishing-resistant MFA (e.g., FIDO2, number matching, geo-verification). Conduct regular vishing simulation exercises for employees, especially IT helpdesk and support teams. Enforce multi-layer verification for sensitive actions (e.g., on-camera ID checks, challenge questions not publicly available). Monitor dark web/Telegram channels for leaked credentials or extortion announcements. Adopt zero-trust principles, particularly for cloud-based CRM/ERP platforms. Collaborate with industry peers to share threat intelligence on emerging vishing tactics. Deploy AI-based anomaly detection for voice communications in call centers/IT support.

Incident : Data Breach ALL2592725100125

Recommendations: Enable multi-factor authentication (MFA) on sensitive accounts. Place fraud alerts or credit freezes with major credit bureaus. Regularly review financial statements for unauthorized activity. Remain vigilant against phishing and credential stuffing attempts. Third-party vendors should enhance security protocols against social engineering attacks.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Ransomware groups may leak data even if ransom is paid; assume worst-case scenarios in response planning. Salesforce instances can be high-value targets for mass data exfiltration. Proactive customer communication and tools (e.g., HaveIBeenPwned) are critical for mitigating post-breach risks. Multi-factor authentication and password hygiene are essential to prevent downstream phishing/identity theft. Vishing attacks leveraging deepfake/AI voice cloning are increasingly effective and difficult to detect. Collaboration between cybercrime groups (e.g., ShinyHunters, Scattered Spider, Lapsus$) amplifies threat capabilities. Targeting cloud platforms like Salesforce enables access to multiple victims' data in a single breach. Traditional MFA methods (e.g., SMS codes) are vulnerable to social engineering; phishing-resistant MFA (e.g., number matching, geo-verification) is critical. Employee training must include scenario-based vishing simulations to improve detection rates.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Enhanced cybersecurity measures across the insurance industry.

References

Where can I find more information about each incident ?

Incident : Data Breach ALL547072725

Source: Company spokesperson Brett Weinberg

Incident : Data Breach ALL548072725

Source: Company Statement

Date Accessed: 2023-07-22

Incident : Data Breach ALL550072725

Source: BleepingComputer

Incident : Data Breach ALL832080125

Source: TechCrunch

Incident : Data Breach ALL841080425

Source: Maine Office of the Attorney General

Date Accessed: 2024-12-10

Incident : Data Breach ALL316081425

Source: TechRadar

Incident : Data Breach ALL316081425

Source: BleepingComputer

Incident : Data Breach ALL316081425

Source: HaveIBeenPwned

URL: https://haveibeenpwned.com

Incident : Data Breach ALL316081425

Source: Google Password Checkup

URL: https://passwords.google.com/checkup

Incident : Data Breach ALL538082025

Source: Have I Been Pwned

Date Accessed: 2024-08-12

Incident : Data Breach ALL538082025

Source: Reuters (Reporting by Juby Babu; Editing by Mohammed Safi Shamsi and Alan Barona)

Date Accessed: 2024-08-12

Incident : Data Breach ALL505090325

Source: The Conversation (Article on ShinyHunters Vishing Attacks)

Incident : Data Breach ALL505090325

Source: Google Security Advisory (2.5B User Alert)

Incident : Data Breach ALL505090325

Source: Telegram Post by ShinyHunters (Allianz Life Data Dump)

Date Accessed: 2024-08-mid

Incident : Data Breach ALL2292722100125

Source: Maine Attorney General’s Office (Allianz Life filing)

Incident : Data Breach ALL2292722100125

Source: Maine Attorney General’s Office (WestJet filing)

Incident : Data Breach ALL2292722100125

Source: Maine Attorney General’s Office (Motility filing)

Incident : Data Breach ALL2592725100125

Source: Maine Attorney General’s Office Filing

Incident : Data Breach ALL2592725100125

Source: Have I Been Pwned (Breach Monitoring Service)

URL: https://haveibeenpwned.com

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Company spokesperson Brett Weinberg; Company Statement (Date Accessed: 2023-07-22); BleepingComputer; TechCrunch; Maine Office of the Attorney General (Date Accessed: 2024-12-10); TechRadar; BleepingComputer; HaveIBeenPwned (URL: https://haveibeenpwned.com); Google Password Checkup (URL: https://passwords.google.com/checkup); Have I Been Pwned (Date Accessed: 2024-08-12); Reuters (Reporting by Juby Babu; Editing by Mohammed Safi Shamsi and Alan Barona) (Date Accessed: 2024-08-12); The Conversation (Article on ShinyHunters Vishing Attacks); Google Security Advisory (2.5B User Alert); Telegram Post by ShinyHunters (Allianz Life Data Dump) (Date Accessed: 2024-08-mid); The Register (URL: https://www.theregister.com/2023/10/XX/allianz_westjet_motility_breaches/); Maine Attorney General’s Office (Allianz Life filing); Maine Attorney General’s Office (WestJet filing); Maine Attorney General’s Office (Motility filing); Maine Attorney General’s Office Filing; Have I Been Pwned (Breach Monitoring Service) (URL: https://haveibeenpwned.com).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach ALL547072725

Investigation Status: Ongoing

Incident : Data Breach ALL548072725

Investigation Status: Ongoing

Incident : Data Breach ALL550072725

Investigation Status: Ongoing

Incident : Data Breach ALL316081425

Investigation Status: Ongoing (publicly disclosed, but no official resolution details)

Incident : Data Breach ALL538082025

Investigation Status: Ongoing

Incident : Data Breach ALL505090325

Investigation Status: Ongoing (Telegram channel taken down; no public updates on arrests or further breaches)

Incident : Data Breach ALL2292722100125

Investigation Status: Allianz Life: Ongoing/completed (not specified); WestJet: Completed (ended September 15, 2023); Motility: Completed (forensic investigation concluded)

Incident : Data Breach ALL2592725100125

Investigation Status: Ongoing (Internal Investigation with Cybersecurity Experts)

Incident : Data Breach ALL0033200100325

Investigation Status: Confirmed (publicly disclosed)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through notifications to affected individuals within 30 days, notifying impacted individuals, a process of reaching out to individuals impacted with dedicated resources, notifying affected individuals, public advisory (via media reports), encouraging customers to check exposure via HaveIBeenPwned and Google Password Checkup, breach notification via Have I Been Pwned (spokesperson declined further comment during investigation), Google security advisory to 2.5B users, public disclosures (Maine AG filings), customer notifications, advisories to exercise caution, Maine Attorney General’s Office filing, direct customer notifications, public advisory on protective measures and public disclosure of the breach.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach ALL547072725

Customer Advisories: Planned around August 1, 2025

Incident : Data Breach ALL548072725

Incident : Data Breach ALL550072725

Customer Advisories: Placeholder notification issued

Incident : Data Breach ALL832080125

Customer Advisories: Notifying affected individuals on August 1

Incident : Data Breach ALL316081425

Customer Advisories: Check exposure via HaveIBeenPwned or Google Password Checkup. Be vigilant for phishing attempts and identity theft (e.g., fraudulent loans, tax filings). Consider freezing credit reports if SSNs were exposed.

Incident : Data Breach ALL538082025

Customer Advisories: Two years of identity monitoring services provided to impacted individuals

Incident : Data Breach ALL505090325

Stakeholder Advisories: Google's global security advisory to users.

Customer Advisories: Google urged users to enable advanced security measures (e.g., phishing-resistant MFA)

Incident : Data Breach ALL2292722100125

Stakeholder Advisories: All companies notified affected individuals and offered credit monitoring.

Customer Advisories: WestJet: Encouraged staff/customers to exercise caution; Allianz/Motility: Provided identity protection services

Incident : Data Breach ALL2592725100125

Stakeholder Advisories: FBI Notification, Public Disclosure via Maine AG Office.

Customer Advisories: Written notifications sent to affected individuals (starting 2025-08-01). Offer of 2 years of Kroll Identity Monitoring Services (single-bureau credit monitoring, fraud consultation, identity theft restoration). Guidance on protective measures (MFA, credit freezes, vigilance against phishing).

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: planned around August 1, 2025; placeholder notification issued; notifying affected individuals on August 1; check exposure via HaveIBeenPwned or Google Password Checkup; be vigilant for phishing attempts and identity theft (e.g., fraudulent loans, tax filings); consider freezing credit reports if SSNs were exposed; two years of identity monitoring services provided to impacted individuals; Google's global security advisory to users; Google urged users to enable advanced security measures (e.g., phishing-resistant MFA); all companies notified affected individuals and offered credit monitoring; WestJet: encouraged staff/customers to exercise caution; Allianz/Motility: provided identity protection services; FBI notification; public disclosure via Maine AG Office; written notifications sent to affected individuals (starting 2025-08-01); offer of 2 years of Kroll Identity Monitoring Services (single-bureau credit monitoring, fraud consultation, identity theft restoration); guidance on protective measures (MFA, credit freezes, vigilance against phishing).

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach ALL547072725

Entry Point: Third-party, cloud-based CRM system

Incident : Data Breach ALL548072725

Entry Point: Third-party Cloud-based System

Incident : Data Breach ALL550072725

Entry Point: Third-party, cloud-based CRM system

Incident : Data Breach ALL832080125

Entry Point: Third-party cloud-based CRM system

Incident : Data Breach ALL316081425

Entry Point: Likely via compromised Salesforce instances

High Value Targets: Customer PII, Business Partner Data

Data Sold on Dark Web: Customer PII, Business Partner Data

Incident : Data Breach ALL505090325

Entry Point: IT Helpdesk Impersonation via Vishing Calls

High Value Targets: Salesforce Admins, IT Support Staff, Executives With Cloud Access

Data Sold on Dark Web: Salesforce Admins, IT Support Staff, Executives With Cloud Access

Incident : Data Breach ALL2292722100125

Entry Point: Third-Party CRM Provider (Allianz Life)

High Value Targets: Customer PII (All Three Companies)

Data Sold on Dark Web: Customer PII (All Three Companies)

Incident : Data Breach ALL2592725100125

Entry Point: Third-Party Cloud-Based CRM System (via Social Engineering)

High Value Targets: Customer PII (SSNs, Dates of Birth, Email Addresses)

Data Sold on Dark Web: Customer PII (SSNs, Dates of Birth, Email Addresses)

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach ALL547072725

Root Causes: Social engineering attacks

Incident : Data Breach ALL316081425

Root Causes: Unspecified vulnerability in Salesforce or related systems, Possible insufficient access controls or monitoring, Failure to prevent data exfiltration post-compromise

Incident : Data Breach ALL505090325

Root Causes: Over-reliance on traditional MFA (SMS/email codes) susceptible to vishing. Lack of employee awareness/training on AI-enhanced social engineering. Insufficient verification protocols for high-privilege access requests. Cloud platform (Salesforce) becoming a single point of failure for multiple organizations' data.

Corrective Actions: Migrate to phishing-resistant MFA across all systems. Implement behavioral analytics for voice-based authentication attempts. Establish cross-company red-team exercises focusing on vishing scenarios. Enhance logging/monitoring for unusual access patterns in cloud platforms. Develop playbooks for responding to collaborative cybercrime group attacks.

Incident : Data Breach ALL2292722100125

Corrective Actions: Credit Monitoring Services, Customer Notifications

Incident : Data Breach ALL2592725100125

Root Causes: Successful social engineering attack targeting third-party CRM vendor. Impersonation of IT personnel to gain unauthorized remote access. Exploitation of Salesforce Data Loader tool (suspected).

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll, Forensic Investigators (Implied), Cybersecurity Experts (Unnamed), Kroll (Identity Monitoring Services).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Migrate to phishing-resistant MFA across all systems. Implement behavioral analytics for voice-based authentication attempts. Establish cross-company red-team exercises focusing on vishing scenarios. Enhance logging/monitoring for unusual access patterns in cloud platforms. Develop playbooks for responding to collaborative cybercrime group attacks. Credit monitoring services. Customer notifications.

Additional Questions

General Information

Has the company ever paid ransoms ?

Ransom Payment History: The company has paid ransoms in the past.

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were Scattered Spider (UNC3944, Octo Tempest); Malicious Threat Actor; ShinyHunters; ShinyHunters, Scattered Spider, Lapsus$; ShinyHunters, Scattered Spider (UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, Muddled Libra), Lapsus$; Scattered Spider (WestJet), Unnamed actor (Allianz Life), Unnamed actor (Motility Software Solutions); and ShinyHunters (suspected).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-07-16.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-08-01.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Personally Identifiable Information; Full names, Postal addresses, Dates of birth, Social Security numbers (SSNs); Personal Information, Names, Addresses, Phone Numbers, Dates of Birth, Tax Identification Numbers, Social Security Numbers, Business Partner Records; names, addresses, phone numbers, emails; Customer Records, Corporate Partner Data; Names, Addresses, Dates of Birth, Social Security Numbers, Email Addresses; and Sensitive Personal Data.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Third-party Cloud-based System, Salesforce Instances, Salesforce Customer Management Platform, CRM systems (Allianz Life), Online services and mobile app (WestJet), Internal systems (Motility Software Solutions) and Third-Party Cloud-Based CRM System.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll, forensic investigators (implied), cybersecurity experts (unnamed), Kroll (identity monitoring services).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were immediate action to contain and mitigate the issue, measures to contain the intrusion, isolation of the compromised third-party CRM, and internal investigation.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Phone Numbers, Personally identifiable information, Full names, phone numbers, addresses, Dates of Birth, Names, Social Security Numbers, Corporate Partner Data, Personally Identifiable Information, Dates of birth, Business Partner Records, Tax Identification Numbers, Customer Records, emails, Sensitive Personal Data, names, Email Addresses, Addresses, Postal addresses, Personal Information and Social Security numbers (SSNs).

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 92.0M.

Ransomware Information

What was the highest ransom paid in a ransomware incident ?

Highest Ransom Paid: The highest ransom paid in a ransomware incident was Likely not paid (data leaked).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Employee training must include scenario-based vishing simulations to improve detection rates.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Deploy AI-based anomaly detection for voice communications in call centers/IT support. Collaborate with industry peers to share threat intelligence on emerging vishing tactics. Implement stricter access controls and anomaly detection for cloud platforms. Regularly review financial statements for unauthorized activity. Third-party vendors should enhance security protocols against social engineering attacks. Enforce multi-layer verification for sensitive actions (e.g., on-camera ID checks, challenge questions not publicly available). Conduct a forensic audit of Salesforce and related systems. Remain vigilant against phishing and credential stuffing attempts. Place fraud alerts or credit freezes with major credit bureaus. Implement phishing-resistant MFA (e.g., FIDO2, number matching, geo-verification). Enable multi-factor authentication (MFA) on sensitive accounts. Monitor dark web/Telegram channels for further leaks. Enhanced cybersecurity measures across the insurance industry. Offer credit monitoring/identity theft protection to affected customers. Educate customers on phishing risks and fraud prevention. Adopt zero-trust principles, particularly for cloud-based CRM/ERP platforms. Conduct regular vishing simulation exercises for employees, especially IT helpdesk and support teams. Monitor dark web/Telegram channels for leaked credentials or extortion announcements.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Company spokesperson Brett Weinberg, Have I Been Pwned (Breach Monitoring Service), Maine Attorney General’s Office (Motility filing), The Register, TechRadar, TechCrunch, Maine Attorney General’s Office (WestJet filing), Reuters (Reporting by Juby Babu; Editing by Mohammed Safi Shamsi and Alan Barona), Google Password Checkup, Google Security Advisory (2.5B User Alert), Have I Been Pwned, Maine Attorney General’s Office Filing, The Conversation (Article on ShinyHunters Vishing Attacks), Telegram Post by ShinyHunters (Allianz Life Data Dump), BleepingComputer, Maine Office of the Attorney General, Company Statement, Maine Attorney General’s Office (Allianz Life filing) and HaveIBeenPwned.

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URLs for additional resources on cybersecurity best practices are https://haveibeenpwned.com, https://passwords.google.com/checkup and https://www.theregister.com/2023/10/XX/allianz_westjet_motility_breaches/

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were:
- Google's global security advisory to users
- All companies notified affected individuals and offered credit monitoring
- FBI Notification
- Public Disclosure via Maine AG Office

What was the most recent customer advisory issued?

Most Recent Customer Advisory: The most recent customer advisories issued were:
- Planned around August 1, 2025
- Placeholder notification issued
- Notifying affected individuals on August 1
- Check exposure via HaveIBeenPwned or Google Password Checkup. Be vigilant for phishing attempts and identity theft (e.g., fraudulent loans, tax filings). Consider freezing credit reports if SSNs were exposed.
- Two years of identity monitoring services provided to impacted individuals
- Google urged users to enable advanced security measures (e.g., phishing-resistant MFA)
- WestJet: Encouraged staff/customers to exercise caution; Allianz/Motility: Provided identity protection services
- Written notifications sent to affected individuals (starting 2025-08-01). Offer of 2 years of Kroll Identity Monitoring Services (single-bureau credit monitoring, fraud consultation, identity theft restoration). Guidance on protective measures (MFA, credit freezes and vigilance against phishing).

Initial Access Broker

What was the most recent entry point used by an initial access broker?

Most Recent Entry Point: The most recent entry points used by an initial access broker were:
- Third-party cloud-based CRM system
- Third-party Cloud-based System
- Third-party, cloud-based CRM system
- Third-Party Cloud-Based CRM System (via Social Engineering)
- Likely via compromised Salesforce instances
- IT Helpdesk Impersonation via Vishing Calls

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were:
- Social engineering attacks
- Unspecified vulnerability in Salesforce or related systems. Possible insufficient access controls or monitoring. Failure to prevent data exfiltration post-compromise.
- Over-reliance on traditional MFA (SMS/email codes) susceptible to vishing. Lack of employee awareness/training on AI-enhanced social engineering. Insufficient verification protocols for high-privilege access requests. Cloud platform (Salesforce) becoming a single point of failure for multiple organizations' data.
- Successful social engineering attack targeting third-party CRM vendor. Impersonation of IT personnel to gain unauthorized remote access. Exploitation of Salesforce Data Loader tool (suspected).

What was the most significant corrective action taken based on post-incident analysis?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were:
- Migrate to phishing-resistant MFA across all systems. Implement behavioral analytics for voice-based authentication attempts. Establish cross-company red-team exercises focusing on vishing scenarios. Enhance logging/monitoring for unusual access patterns in cloud platforms. Develop playbooks for responding to collaborative cybercrime group attacks.
- Credit monitoring services, customer notifications.

cve

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL is protocol-relative (starts with //), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=allianz-life' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.