Allianz Life Company Cyber Security Posture

Description: Allianz Life Insurance Company experienced a cyberattack on July 16, 2025, compromising the personal information of the majority of its 1.4 million customers. The attack targeted a third-party, cloud-based CRM system used by the insurer. The attackers employed social engineering techniques to gain unauthorized access to personally identifiable information belonging to customers, financial professionals, and select Allianz Life employees. The breach was discovered the following day, prompting immediate containment measures and notification to the FBI. The company emphasized that no other systems were compromised, including the critical policy administration system. This incident highlights the increasing sophistication of cyber threats in the insurance industry.

Description: Hackers gained access to personal data on the majority of the 1.4 million customers of Allianz Life Insurance Company of North America. The data breach occurred on July 16 when a malicious threat actor gained access to a third-party, cloud-based system used by the company. The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life's customers, financial professionals, and select Allianz Life employees, using a social engineering technique. The company took immediate action to contain and mitigate the issue and notified the FBI. Allianz Life's own systems were not accessed, just the third-party's platform. The company has begun reaching out to the impacted individuals and will be offering those affected 24 months of identity theft protection and credit monitoring.

Description: On December 10, 2024, the Maine Office of the Attorney General reported a data breach involving Allianz Life Insurance Company of North America. The breach, which occurred on April 15, 2024, resulted in the inadvertent disclosure of information affecting 597 individuals, including 17 residents. Allianz Life has offered one year of identity monitoring services provided by Kroll.

Description: Allianz Life confirmed a data breach where a threat actor gained access to a third-party, cloud-based CRM system, exposing personal information of the majority of its 1.4 million customers, financial professionals, and select employees. The breach occurred through a social engineering technique, and the company took immediate action to mitigate the issue. The investigation is ongoing, and the attack is believed to have been conducted by the ShinyHunters extortion group.

Description: Allianz Life recently confirmed a cyberattack in which criminals stole data on around 1.4 million customers. The stolen data includes names, addresses, dates of birth, and Social Security numbers (SSNs). The company has filed forms with the Attorney General's office in Texas and Massachusetts, confirming the data breach. Although the company took measures to contain the intrusion and notified the FBI, there is no evidence that other systems were accessed. The company will begin notifying affected individuals on August 1. The theft of SSNs is particularly concerning as it can lead to identity theft, fraud, and other criminal activities.

Description: The Allianz Risk Barometer highlights the evolving threat landscape companies face in the modern era, underscored by the significant concern over cyber incidents, including ransomware attacks, data breaches, and IT disruptions. These technological threats are increasingly being viewed as major business risks globally, reflecting a shift in priority towards digital security in response to the expanding digital footprint of companies worldwide. This surge in cyber risk awareness comes amidst a backdrop where traditional threats such as natural catastrophes and fires also regain prominence, alongside climbing political risks and violence in a year marked by significant elections and potential unrest. With the ongoing global challenges such as the energy crisis and pandemic effects adapting in the business risk landscape, Allianz's findings underscore an essential shift in how businesses approach risk management, prioritizing a comprehensive understanding of both new and old threats to maintain operational resilience and security.

Description: Cybercriminals associated with the ShinyHunters, Scattered Spider, and Lapsu$ threat groups leaked **2.8 million stolen records**—including names, addresses, phone numbers, dates of birth, Tax Identification Numbers, and Social Security numbers—of **1.4 million Allianz Life customers and business partners** on a Telegram channel. The data was exfiltrated during a **ransomware attack** targeting Salesforce instances, with the attackers opting to publish the information after Allianz Life likely refused to pay or negotiations failed. The exposed details enable highly targeted phishing, identity theft, financial fraud (e.g., unauthorized loans, credit cards, tax returns), and even medical or employment fraud. The breach also heightens risks of follow-on attacks, such as wire fraud or secondary ransomware campaigns, due to the depth of personal data compromised.