Company Details
allianz-technology
11,283
183,589
5415
allianz.com
0
ALL_1046426
In-progress

Allianz Technology Company CyberSecurity Posture
With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 13,000 employees in more than 20 countries around the world, Allianz Technology is tasked to run, optimize, transform, and innovate the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience. We service the entire spectrum of digitalization - from one of the industry's largest IT infrastructure projects that spans data centres, networks, and security, to application platforms ranging from workplace services to digital interaction. In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.
Between 750 and 799

Allianz Technology Global Score (TPRM): XXXX

Description: The report highlights that while large insured companies (e.g., in manufacturing, retail, or professional services) have improved cybersecurity resilience in 2025—reducing severity by 50% and large-claim frequency by 30%—ransomware remains the dominant threat, accounting for **60% of large cyber claims (>€1M)**. A key trend is the shift toward **double extortion** (data exfiltration + encryption), now comprising **40% of large claim values** (up from 25% in 2024), with losses involving data theft **doubling** in cost compared to non-exfiltration incidents. The average data breach cost reached **$5M in 2024**, driven by stricter regulations. Despite progress, attacks on less resilient **SMEs (88% of their breaches involve ransomware vs. 39% for large firms)** and **supply chain vulnerabilities** expand the risk landscape. The report warns of **seasonal spikes during Black Friday/Cyber Monday**, where retail’s high personal data exposure and business interruption risks amplify extortion leverage. While early detection mitigates some losses, **prolonged undetected attacks escalate costs exponentially**—up to **1,000x higher** if data theft and encryption occur. Business interruption alone accounts for **>50% of claim values**, underscoring the operational cripple potential of such incidents.
Description: A mid-sized retail firm insured by Allianz Commercial fell victim to a **Scattered Spider**-linked ransomware attack in early 2025, initiated via a **fake help desk call** that compromised employee credentials. Within 24 hours, attackers exfiltrated **customer payment data (credit cards, personal details)** and encrypted critical systems, halting e-commerce operations for **48 hours**. The breach exposed **120,000 customer records**, triggering **privacy litigation** under GDPR and a **€2.1M ransom demand** (partially paid to prevent data leaks). The incident disrupted supply chain integrations, causing **€3.8M in business interruption losses**—amplified by a concurrent cloud outage at a third-party payment processor. While Allianz’s tabletop exercises helped contain the attack, the retailer faced **reputational damage** from press coverage and a **15% drop in quarterly sales**. Regulatory fines for delayed breach notification added €900K to the total loss.
Description: On December 10, 2024, the Maine Office of the Attorney General reported a data breach involving Allianz Life Insurance Company of North America. The breach, which occurred on April 15, 2024, resulted in the inadvertent disclosure of information affecting 597 individuals, including 17 residents. Allianz Life has offered one year of identity monitoring services provided by Kroll.
Description: Hackers gained access to personal data on the majority of the 1.4 million customers of Allianz Life Insurance Company of North America. The data breach occurred on July 16 when a malicious threat actor gained access to a third-party, cloud-based system used by the company. The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life's customers, financial professionals, and select Allianz Life employees, using a social engineering technique. The company took immediate action to contain and mitigate the issue and notified the FBI. Allianz Life's own systems were not accessed, just the third-party's platform. The company has begun reaching out to the impacted individuals and will be offering those affected 24 months of identity theft protection and credit monitoring.
Description: Allianz Life Insurance experienced a significant **data breach** in early 2024, exposing the **sensitive personal information of approximately 1.5 million customers**. The incident involved unauthorized access to customer data, though the exact nature of the compromised information (e.g., financial records, Social Security numbers, or medical details) was not fully disclosed. Such breaches typically heighten risks of **identity theft, financial fraud, and reputational damage** for affected individuals. The scale of the breach—affecting over a million people—suggests systemic vulnerabilities in Allianz’s data security protocols. While the company likely initiated containment measures, the long-term consequences for customer trust and regulatory compliance (e.g., potential GDPR or state-level penalties) remain critical concerns. The breach underscores the growing threat landscape for insurance providers, which hold vast repositories of high-value personal data.
Description: Allianz Life Insurance Company experienced a cyberattack on July 16, 2025, compromising the personal information of the majority of its 1.4 million customers. The attack targeted a third-party, cloud-based CRM system used by the insurer. The attackers employed social engineering techniques to gain unauthorized access to personally identifiable information belonging to customers, financial professionals, and select Allianz Life employees. The breach was discovered the following day, prompting immediate containment measures and notification to the FBI. The company emphasized that no other systems were compromised, including the critical policy administration system. This incident highlights the increasing sophistication of cyber threats in the insurance industry.
Description: Allianz Life, an insurance company, disclosed a significant data breach affecting approximately **1.497 million customers, employees, and financial professionals** across North America. The breach occurred due to an attack on an unnamed third-party CRM provider, where unauthorized actors accessed sensitive personal data. Compromised information includes **names, addresses, dates of birth, and Social Security numbers (SSNs)**—highly valuable details for identity theft and fraud. The company confirmed the attackers targeted customer, staff, and financial professional records, though no immediate evidence of misuse was reported. Allianz Life responded by offering **two years of identity protection and credit monitoring services** to affected individuals. The breach underscores vulnerabilities in third-party vendor security, raising concerns about supply-chain risks in the financial sector.
Description: Allianz Life, a financial services provider, suffered a significant data breach orchestrated by the cybercrime group **ShinyHunters** in collaboration with **Scattered Spider** and **Lapsus$**. The attack exploited **voice-based social engineering (vishing)**, where criminals impersonated IT helpdesk personnel to trick employees into divulging credentials and multi-factor authentication (MFA) codes. The breach resulted in the **public exposure of 2.8 million records**, including sensitive customer and corporate partner data hosted on **Salesforce**, a customer management platform. The leaked data likely included **personal and financial details**, exposing individuals to risks such as identity theft, fraud, and reputational harm. ShinyHunters publicly released the data on Telegram before the channel was shut down, amplifying the incident’s visibility. The group’s shift to **ransomware-as-a-service (RaaS)**—partnering with other threat actors—suggests escalating tactics, increasing the potential for future extortion or secondary attacks. Allianz Life’s breach underscores vulnerabilities in **third-party cloud providers** and the growing sophistication of **AI-driven social engineering**, where deepfake voice cloning evades traditional detection methods. The incident erodes trust in the company’s data security practices and may trigger regulatory scrutiny, financial penalties, or customer attrition.
Description: Allianz Life confirmed a data breach where a threat actor gained access to a third-party, cloud-based CRM system, exposing personal information of the majority of its 1.4 million customers, financial professionals, and select employees. The breach occurred through a social engineering technique, and the company took immediate action to mitigate the issue. The investigation is ongoing, and the attack is believed to have been conducted by the ShinyHunters extortion group.
Description: Allianz Life recently confirmed a cyberattack in which criminals stole data on around 1.4 million customers. The stolen data includes names, addresses, dates of birth, and Social Security numbers (SSNs). The company has filed forms with the Attorney General's office in Texas and Massachusetts, confirming the data breach. Although the company took measures to contain the intrusion and notified the FBI, there is no evidence that other systems were accessed. The company will begin notifying affected individuals on August 1. The theft of SSNs is particularly concerning as it can lead to identity theft, fraud, and other criminal activities.
Description: In July 2025, Allianz Life Insurance Company of North America suffered a **cyberattack** targeting a **third-party cloud-based CRM system**, exposing the **sensitive personal data of 1.5 million individuals** (1,497,036 confirmed) across the U.S. The breach, linked to the **ShinyHunters extortion group**, involved a **social engineering campaign** where attackers impersonated IT personnel to gain unauthorized remote access via Salesforce’s Data Loader tool. Compromised data includes **names, addresses, dates of birth, and Social Security numbers**, with **1.1 million email addresses** already surfacing on the dark web (72% tied to prior breaches), heightening risks of **credential stuffing, phishing, and identity theft**. The company confirmed its **core systems and internal networks remained unaffected**, but the CRM breach enabled large-scale **customer data exfiltration**. Allianz Life notified the FBI, launched an investigation, and offered **two years of free identity monitoring (Kroll)** to victims. While no ransom demands were confirmed, the incident underscores vulnerabilities in **third-party vendor security** and the escalating threat of **targeted extortion campaigns**. Customers were advised to monitor financial accounts, enable **multi-factor authentication (MFA)**, and consider **credit freezes** to mitigate fraud risks.
Description: In late July, Allianz Life, a U.S.-based insurance firm, suffered a cyberattack that compromised the personal data of **1.1 million customers**, including names, addresses, phone numbers, and emails. The breach affected a significant portion of its **1.4 million U.S. customers**, along with financial professionals and select employees. While the company’s investigation remains ongoing, it has committed to providing **two years of identity monitoring services** to impacted individuals as a remedial measure. The incident is part of a growing trend of high-profile cyberattacks targeting major corporations, underscoring vulnerabilities in data security. Although no financial or highly sensitive information (e.g., Social Security numbers, medical records) was explicitly mentioned as stolen, the exposure of **personally identifiable information (PII)** poses risks of identity theft, phishing, and fraud. Allianz Life has not disclosed the attack vector, but the scale and nature of the breach suggest a **sophisticated intrusion**, potentially involving credential theft or exploitation of system vulnerabilities. The company’s response includes mitigation efforts, but the long-term reputational and operational impacts—such as customer trust erosion and potential regulatory scrutiny—remain uncertain. The breach aligns with broader industry challenges, as seen in recent attacks on **UnitedHealth Group (192.7M records)** and **Microsoft (100+ organizations)**, highlighting systemic cybersecurity gaps in critical sectors.
Description: Cybercriminals associated with the ShinyHunters, Scattered Spider, and Lapsus$ threat groups leaked **2.8 million stolen records**—including names, addresses, phone numbers, dates of birth, Tax Identification Numbers, and Social Security numbers—of **1.4 million Allianz Life customers and business partners** on a Telegram channel. The data was exfiltrated during a **ransomware attack** targeting Salesforce instances, with the attackers opting to publish the information after Allianz Life likely refused to pay or negotiations failed. The exposed details enable highly targeted phishing, identity theft, financial fraud (e.g., unauthorized loans, credit cards, tax returns), and even medical or employment fraud. The breach also heightens risks of follow-on attacks, such as wire fraud or secondary ransomware campaigns, due to the depth of personal data compromised.


No incidents recorded for Allianz Technology in 2025.
Allianz Technology cyber incidents detection timeline including parent company and subsidiaries



We are Canon Europe. We are the world's best imaging company. This page represents our offices in Europe, the Middle East and Africa. Founded in 1937, the desire to continuously innovate has kept Canon at the forefront of imaging excellence throughout its 85-year history and has commitments to inve

Stefanini is a Brazilian multinational operating in the IT services sector. With support in more than 30 languages, Stefanini, the 5th most internationalized company according to Fundação Dom Cabral, operates in more than 35 countries and is among the 100 largest IT companies in the world (BBC News). Uma das ma

At CACI International Inc (NYSE: CACI), our 25,000 talented and dynamic employees are ever vigilant in delivering distinctive expertise and technology to meet our customers’ greatest challenges in national security. We are a company of good character, relentless innovation, and long-standing excelle

We get you. You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. You’ll find all that here. Because we empower you. We power and empower how people live, work and play by connecting them to what bri
Ingram Micro is a leading technology company for the global information technology ecosystem. With the ability to reach nearly 90% of the global population, we play a vital role in the worldwide IT sales channel, bringing products and services from technology manufacturers and cloud providers to a h

HCLTech is a global technology company, home to more than 220,000 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals

At Orange Business, our ambition is to become the leading European Network and Digital Integrator by leveraging our proven expertise in next-generation connectivity solutions, the cloud and cybersecurity. Our 30,000 women and men are present in 65 countries, where every voice counts. Together, we a

Infosys BPM Ltd., the business process management subsidiary of Infosys Ltd. (NYSE: INFY), was set up in April 2002. Infosys BPM focuses on integrated end-to-end outsourcing and delivers transformational benefits to its clients through reduced costs, ongoing productivity improvements, and process re

At Ricoh, we bring people, processes, and technology together to make information work for you. We unlock the power of information so organizations can unlock the full potential of their people. We're a leader in information management and digital services, creating competitive advantage for over 1.
THIRUVANANTHAPURAM: In a significant initiative to empower academically meritorious students pursuing German language proficiency, Allianz...
Download Allianz Commercial's annual cyber security report to explore the latest claims trends, emerging cyber risks, and practical cyber...
Ransomware contributed to 60% of large cyber claims and frequency dropped 30% in early 2025.
A new Allianz Commercial report warns that cyber criminals are turning to smaller firms and exploiting supply chains, while data theft and privacy...
Ransomware is the biggest loss driver, accounting for 60% of the value of large cyber claims (>€1mn), while threats posed by supply chains...
Class action against Allianz over data breach is a part of a trend of class actions against companies for negligence in data breaches.
In July 2025, US insurance corporation Allianz Life experienced a data breach that exposed the personal information of 1.1 million customers...
More information about the massive Allianz Life data breach has reportedly been revealed and it is decidedly not good. Like very not good.
Data breach notification site Have I Been Pwned notified 1.1 million customers of a July data breach, a number not previously reported.

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Allianz Technology is https://careers.allianz.com/go/Allianz-Technology/5123701/.
According to Rankiteo, Allianz Technology’s AI-generated cybersecurity score is 775, reflecting their Fair security posture.
According to Rankiteo, Allianz Technology currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Allianz Technology is not certified under SOC 2 Type 1.
According to Rankiteo, Allianz Technology does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Allianz Technology is not listed as GDPR compliant.
According to Rankiteo, Allianz Technology does not currently maintain PCI DSS compliance.
According to Rankiteo, Allianz Technology is not compliant with HIPAA regulations.
According to Rankiteo, Allianz Technology is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Allianz Technology operates primarily in the IT Services and IT Consulting industry.
Allianz Technology employs approximately 11,283 people worldwide.
Allianz Technology presently has no subsidiaries across any sectors.
Allianz Technology’s official LinkedIn profile has approximately 183,589 followers.
Allianz Technology is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
No, Allianz Technology does not have a profile on Crunchbase.
Yes, Allianz Technology maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/allianz-technology.
As of November 27, 2025, Rankiteo reports that Allianz Technology has experienced 14 cybersecurity incidents.
Allianz Technology has an estimated 36,299 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Ransomware and Cyber Attack.
Total Financial Loss: The total financial loss from these incidents is estimated to be $0.
Detection and Response: The company detects and responds to cybersecurity incidents through the following measures. Communication strategy: notifications to affected individuals within 30 days; notifying impacted individuals; a process of reaching out to impacted individuals with dedicated resources; public advisory via media reports; encouraging customers to check exposure via Have I Been Pwned and Google Password Checkup; breach notification via Have I Been Pwned (spokesperson declined further comment during the investigation); Google security advisory to 2.5 billion users; transparent disclosure (for insured firms); regulatory reporting (DORA/NIS2 compliance); public disclosures (Maine AG filings), customer notifications and advisories to exercise caution; Maine Attorney General's Office filing; direct customer notifications; public advisory on protective measures; public disclosure of the breach. Containment measures: immediate action to contain and mitigate the issue; measures to contain the intrusion; network segmentation; isolation of affected systems; revoking compromised credentials; isolation of the compromised third-party CRM; internal investigation; early detection/response (reduces costs by 1,000x); business continuity plans. Recovery measures: offering 24 months of identity theft protection and credit monitoring; business continuity plans; supplier risk assessments; customer notification (if data breached); customer notifications (began 2025-08-01); offer of 2 years of complimentary identity monitoring (Kroll). Remediation measures: two years of identity monitoring services for impacted individuals; patching vulnerabilities; enhanced authentication (MFA); data recovery from backups; identity protection and credit monitoring services (Allianz: 2 years; WestJet: 2 years; Motility: 12 months). Law enforcement notified: FBI. Third-party assistance: Kroll (identity monitoring services); cyber insurance providers (e.g., Allianz Commercial); forensic investigators (implied in some cases); legal counsel; unnamed cybersecurity experts; law enforcement (international coordination). Incident response plan activated: yes (investigation ongoing); yes (for insured firms with preparedness). Network segmentation: critical for limiting lateral movement. Enhanced monitoring: early detection reduced losses by 1,000x.
Title: Evolving Cyber Threat Landscape Highlighted by Allianz Risk Barometer
Description: The Allianz Risk Barometer highlights the evolving threat landscape companies face in the modern era, underscored by the significant concern over cyber incidents, including ransomware attacks, data breaches, and IT disruptions. These technological threats are increasingly being viewed as major business risks globally, reflecting a shift in priority towards digital security in response to the expanding digital footprint of companies worldwide. This surge in cyber risk awareness comes amidst a backdrop where traditional threats such as natural catastrophes and fires also regain prominence, alongside climbing political risks and violence in a year marked by significant elections and potential unrest. With the ongoing global challenges such as the energy crisis and pandemic effects adapting in the business risk landscape, Allianz's findings underscore an essential shift in how businesses approach risk management, prioritizing a comprehensive understanding of both new and old threats to maintain operational resilience and security.
Type: ransomware attacks
Title: Allianz Life Insurance Company Data Breach
Description: Hackers compromised the personal information of the majority of Allianz Life's 1.4 million customers following a sophisticated cyberattack on July 16, 2025.
Date Detected: 2025-07-16
Date Publicly Disclosed: 2025-07-17
Type: Data Breach
Attack Vector: Social Engineering
Vulnerability Exploited: Human Psychology
Threat Actor: Scattered Spider (UNC3944, Octo Tempest)
Motivation: Unauthorized access to personally identifiable information
Title: Allianz Life Data Breach
Description: Hackers gained access to personal data on the majority of the 1.4 million customers of Allianz Life Insurance Company of North America through a third-party, cloud-based system using a social engineering technique.
Date Detected: 2023-07-17
Date Publicly Disclosed: 2023-07-22
Type: Data Breach
Attack Vector: Social Engineering
Threat Actor: Malicious Threat Actor
Title: Allianz Life Data Breach
Description: Allianz Life Insurance Company of North America experienced a data breach where the personal information of the majority of its 1.4 million customers was exposed due to a malicious threat actor gaining access to a third-party, cloud-based CRM system.
Date Detected: 2025-07-16
Type: Data Breach
Attack Vector: Social Engineering
Threat Actor: ShinyHunters
Motivation: Data Exfiltration
Title: Allianz Life Data Breach
Description: Criminals stole data on around 1.4 million customers, including names, addresses, and SSNs.
Type: Data Breach
Attack Vector: Third-party cloud-based CRM system
Motivation: Data theft
Title: Data Breach at Allianz Life Insurance Company of North America
Description: A data breach occurred at Allianz Life Insurance Company of North America, resulting in the inadvertent disclosure of information affecting 597 individuals, including 17 residents.
Date Detected: 2024-04-15
Date Publicly Disclosed: 2024-12-10
Type: Data Breach
Title: Allianz Life Data Leak via Telegram by ShinyHunters, Scattered Spider, and Lapsus$
Description: Cybercriminals leaked stolen data from Allianz Life in a Telegram channel, exposing almost 3 million records from over 1.4 million customers and business partners. The leaked data includes names, addresses, phone numbers, dates of birth, Tax Identification Numbers, and Social Security Numbers. The attack was part of a broader campaign targeting Salesforce instances, with the same threat actors linked to attacks on Internet Archive, Pearson, and Coinbase. The data was published after Allianz Life likely refused to pay the ransom or negotiations failed.
Type: Data Breach
Attack Vector: Exploitation of Salesforce Instances; Data Exfiltration
Threat Actor: ShinyHunters; Scattered Spider; Lapsus$
Motivation: Financial Gain; Extortion; Data Theft for Resale or Fraud
Title: Cyberattack on Allianz Life Compromises Personal Data of 1.1 Million Customers
Description: A cyberattack at U.S. insurance firm Allianz Life in late July compromised the personal data of 1.1 million customers. The hacked information includes names, addresses, phone numbers, and emails of customers. Allianz Life is providing two years of identity monitoring services to impacted individuals. The breach is part of a broader wave of high-profile cyberattacks targeting global companies, including Microsoft and UnitedHealth Group.
Date Detected: Late July 2024
Date Publicly Disclosed: 2024-08-12
Type: Data Breach
Title: ShinyHunters Data Breach via Salesforce Using Vishing Tactics
Description: Cyber crime group ShinyHunters targeted Salesforce, a customer management platform, using voice-based social engineering (vishing) tactics, including deepfake and AI-cloned voices. The breach prompted Google to urge 2.5 billion users to tighten security. The group, in collaboration with Scattered Spider and Lapsus$, publicly released 2.8 million data records from Allianz Life's Salesforce database, affecting individual customers and corporate partners. ShinyHunters has shifted tactics from exploiting cloud vulnerabilities to social engineering, expanding their attack surface.
Date Publicly Disclosed: 2024-08-mid
Type: Data Breach
Attack Vector: Voice Phishing (Vishing); Deepfake Voice Cloning; AI-Generated Voice Spoofing; Social Engineering (IT Helpdesk Impersonation); Multi-Factor Authentication (MFA) Bypass
Vulnerability Exploited: Human Trust Vulnerability; Lack of Phishing-Resistant MFA; Insufficient Employee Training on Vishing
Threat Actor: ShinyHunters; Scattered Spider (UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, Muddled Libra); Lapsus$
Motivation: Financial Gain; Reputational Damage; Data Theft for Resale
Title: Shift in Cyber Threats Targeting Small and Mid-Sized Firms in 2025
Description: In 2025, cybercriminals are increasingly targeting small and mid-sized firms due to hardened defenses at larger enterprises. Ransomware remains the dominant threat, with 88% of breaches at SMEs involving ransomware (vs. 39% at larger firms). Attackers are shifting from encryption to data exfiltration, which is more lucrative and less resource-intensive. Social engineering, credential abuse, and supply chain disruptions are key attack vectors. Retailers are the most targeted industry, while regulatory pressures (e.g., DORA, NIS2) and cyber insurance adoption are rising. Early detection, basic controls (patching, MFA, backups), and tabletop exercises significantly reduce claim costs.
Date Publicly Disclosed: 2025-06-30
Type: Ransomware
Attack Vector: Phishing/Social Engineering, Compromised Credentials, Fake Help Desk Calls (e.g., Scattered Spider), Supply Chain Vulnerabilities, Cloud Security Incidents, Generative AI-Enhanced Scams
Vulnerability Exploited: Lack of Multi-Factor Authentication (MFA), Unpatched Systems, Poor Network Segmentation, Insufficient Backup Protocols, Weak Supplier Security Controls
Threat Actor: Scattered Spider, Opportunistic Cybercriminal Groups, Initial Access Brokers (IABs), Ransomware-as-a-Service (RaaS) Affiliates
Motivation: Financial Gain (Ransom Payments), Data Theft for Resale (Dark Web), Disruption of Business Operations, Exploitation of Supply Chain Weaknesses
Title: Data Breaches Affecting 3.7 Million Customers Across Allianz Life, WestJet, and Motility Software Solutions
Description: A trio of companies—Allianz Life, WestJet, and Motility Software Solutions—disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America. The incidents involved unauthorized access to third-party CRM providers, ransomware attacks, and data exfiltration by threat actors, including the Scattered Spider group. Personal data such as names, addresses, SSNs, and driver’s license numbers were compromised. All three companies offered identity protection and credit monitoring services to affected individuals.
Date Publicly Disclosed: 2023-10-XX (exact dates vary per company)
Type: Data Breach
Attack Vector: Third-party CRM compromise, Malware deployment (ransomware), Unauthorized access
Threat Actor: Scattered Spider (WestJet), Unnamed actor (Allianz Life), Unnamed actor (Motility Software Solutions)
Motivation: Data Theft, Financial Gain (likely)
Title: Allianz Life Insurance Data Breach via Third-Party CRM Compromise (July 2025)
Description: Allianz Life Insurance Company of North America experienced a cyberattack in July 2025, resulting in the exposure of sensitive personal data of 1.5 million individuals across the U.S. The breach originated from a compromise of a third-party cloud-based CRM system, facilitated by a targeted social engineering campaign. Attackers, likely linked to the ShinyHunters extortion group, impersonated IT personnel to gain unauthorized remote access via Salesforce’s Data Loader tool. While Allianz Life’s core systems remained unaffected, the incident led to the exfiltration of names, addresses, dates of birth, and Social Security numbers. Over 1.1 million compromised email addresses have surfaced on the dark web, raising concerns about credential stuffing and phishing risks. Allianz Life notified the FBI, launched an investigation, and offered affected individuals two years of complimentary identity monitoring and credit protection services through Kroll.
Date Detected: 2025-07-17
Date Publicly Disclosed: 2025-08-01
Type: Data Breach
Attack Vector: Social Engineering, Impersonation (IT Personnel), Unauthorized Remote Access, Exploitation of Salesforce Data Loader Tool
Vulnerability Exploited: Human Error (Social Engineering Susceptibility), Third-Party CRM Security Weaknesses
Threat Actor: ShinyHunters (suspected)
Motivation: Data Theft, Extortion (potential, unconfirmed)
Title: Allianz Life Data Breach Impacting 1.5 Million Customers
Description: Allianz Life Insurance confirmed a data security incident that compromised the sensitive personal data of nearly 1.5 million individuals earlier this year.
Type: Data Breach
Title: Cyber Insureds Gain Ground on Attackers, But Holidays Bring Heightened Risk: 2025 Mid-Year Report
Description: Allianz Commercial's 2025 mid-year report highlights a 50% reduction in cyber claim severity and a 30% drop in large claims frequency among insured companies due to improved detection and response capabilities. Ransomware remains the top threat (60% of large claims), with attackers targeting smaller firms (88% of data breaches in SMEs vs. 39% in large firms). Double extortion (ransomware + data exfiltration) now accounts for 40% of large claim values, up from 25% in 2024. Retail, manufacturing, and professional services are the most impacted sectors. Business interruption costs exceed 50% of claim values, while non-attack incidents (e.g., data mishandling) represent 28% of large claims.
Date Publicly Disclosed: 2025-06-30
Type: Ransomware
Attack Vector: Social Engineering (e.g., impersonation of employees); Exploitation of Digital Supply Chain Vulnerabilities; Targeted Attacks on SMEs/Less Resilient Firms; Seasonal Attacks (e.g., Black Friday to Year-End)
Vulnerability Exploited: Weak Detection/Response Capabilities (SMEs); Wide Attack Surfaces (Retail: staff, suppliers, IT systems); Lack of Business Continuity Plans; Privacy Regulation Non-Compliance
Motivation: Financial Gain (Extortion/Ransom), Data Theft for Resale (Dark Web), Exploitation of Seasonal Vulnerabilities (e.g., Holiday Shopping)
Common Attack Types: The most common type of attack the company has faced is Breach.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through: third-party, cloud-based CRM system (Allianz Life; compromised via social engineering); likely via compromised Salesforce instances; IT helpdesk impersonation via vishing calls; compromised credentials (most common); phishing emails; fake help desk calls (e.g., Scattered Spider); exploited vulnerabilities in the supply chain; social engineering (employee impersonation); digital supply chain exploits; unpatched vulnerabilities (SMEs).

Data Compromised: Personally identifiable information
Systems Affected: Third-party, cloud-based CRM system

Data Compromised: Personally identifiable information
Systems Affected: Third-party Cloud-based System
Identity Theft Risk: True

Data Compromised: Personally Identifiable Information
Systems Affected: Third-party, cloud-based CRM system

Data Compromised: Full names, Postal addresses, Dates of birth, Social security numbers (ssns)
Systems Affected: Third-party cloud-based CRM system
Identity Theft Risk: High

Data Compromised: Personal Information

Data Compromised: Names, Addresses, Phone numbers, Dates of birth, Tax identification numbers, Social security numbers, Business partner records
Systems Affected: Salesforce Instances
Brand Reputation Impact: High (Sensitive customer data exposed, risk of identity theft and fraud)
Identity Theft Risk: High (Sufficient data for impersonation, phishing, financial fraud, and tax fraud)

Data Compromised: Names, Addresses, Phone numbers, Emails
Brand Reputation Impact: Potential negative impact due to high-profile breach
Identity Theft Risk: High (personal data exposed)

Data Compromised: Customer records, Corporate partner data
Systems Affected: Salesforce Customer Management Platform
Operational Impact: Loss of Customer Trust, Increased Security Scrutiny
Brand Reputation Impact: Severe (Public Data Dump, Extortion Messages)
Identity Theft Risk: High (PII Exposed in 2.8M Records)

Data Compromised: Personal data (retailers), Customer records, Payment information, Sensitive corporate data
Systems Affected: Retailer IT Systems, Manufacturing Supply Chains, Professional Services Firms, Cloud Environments
Operational Impact: Business Interruption (50%+ of cyber claim value), Supply Chain Disruptions, Cloud Service Outages
Brand Reputation Impact: Loss of Customer Trust, Regulatory Scrutiny
Legal Liabilities: Privacy Litigation (1,500+ US actions in 2024), Regulatory Fines (DORA, NIS2)
Identity Theft Risk: High (due to PII exposure in retail breaches)
Payment Information Risk: High (targeted in ransomware/exfiltration)

Systems Affected: CRM systems (Allianz Life), Online services and mobile app (WestJet), Internal systems (Motility Software Solutions)
Downtime: Interruptions in WestJet’s online services and mobile app
Operational Impact: WestJet: No impact on safety/integrity of operations; Motility: Restricted access to internal data due to encryption
Brand Reputation Impact: Potential reputational damage for all three companies
Identity Theft Risk: High (SSNs, driver’s license numbers, and other PII exposed)
Payment Information Risk: WestJet confirmed credit/debit card numbers, expiry dates, CVVs, and passwords were *not* compromised

Data Compromised: Names, Addresses, Dates of birth, Social security numbers, Email addresses
Systems Affected: Third-Party Cloud-Based CRM System
Operational Impact: Limited to Third-Party CRM; Core Policy Administration Systems Untouched
Brand Reputation Impact: Potential Reputation Damage Due to Large-Scale Data Exposure
Identity Theft Risk: High (Due to Exposure of SSNs and PII)

Data Compromised: Sensitive personal data
Brand Reputation Impact: Potential negative impact due to exposure of 1.5 million customers' data
Identity Theft Risk: High (sensitive personal data compromised)

Data Compromised: SME Ransomware Breaches: 88% (vs. 39% in large firms); Large Claims With Data Theft: 40% (up from 25% in 2024); Personally Identifiable Information: True
Operational Impact: Business Interruption (Primary Driver of Claims), Supply Chain Disruptions, Regulatory Non-Compliance Penalties
Legal Liabilities: Stricter Data Privacy Regulations (e.g., GDPR), Regulatory Fines for Non-Compliance
Identity Theft Risk: True
Average Financial Loss: The average financial loss per incident is $0.00.
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are: Personally Identifiable Information (PII); Full Names, Postal Addresses, Dates of Birth, Social Security Numbers (SSNs); Personal Information; Financial Identification Data (Tax IDs, SSNs); Contact Information; Business Partner Data; Corporate Partner Data; Financial Records; Corporate Intellectual Property; Names, Addresses, Dates of Birth, SSNs (Allianz Life); Names, Contact Details, Reservation/Travel Documents, Relationship Data (WestJet); Full Names, Home/Email Addresses, Phone Numbers, Dates of Birth, SSNs, Driver’s License Numbers (Motility); Sensitive Personal Data; Corporate Data (Exfiltrated in 40% of Large Claims).

Entity Name: Allianz
Entity Type: Company
Industry: Insurance
Location: Global

Entity Name: Allianz Life Insurance Company
Entity Type: Insurance Provider
Industry: Insurance
Location: Minneapolis, USA
Size: 1.4 million customers
Customers Affected: Majority of 1.4 million customers

Entity Name: Allianz Life Insurance Company of North America
Entity Type: Insurance Company
Industry: Insurance
Location: Minneapolis, Minnesota, USA
Size: Nearly 2,000 employees
Customers Affected: Majority of 1.4 million customers

Entity Name: Allianz Life Insurance Company of North America
Entity Type: Insurance Company
Industry: Financial Services
Location: North America
Size: 1.4 million customers
Customers Affected: Majority of 1.4 million customers

Entity Name: Allianz Life
Entity Type: Insurance Company
Industry: Insurance
Customers Affected: 1.4 million

Entity Name: Allianz Life Insurance Company of North America
Entity Type: Insurance Company
Industry: Insurance
Customers Affected: 597

Entity Name: Allianz Life
Entity Type: Insurance Company
Industry: Financial Services / Insurance
Size: 1.4 million customers affected
Customers Affected: 1.4 million (majority of customer base)

Entity Name: Salesforce (indirectly, as platform)
Entity Type: Cloud Services Provider
Industry: Technology

Entity Name: Business Partners of Allianz Life
Entity Type: Corporate Entities
Customers Affected: Included in 2.8 million records

Entity Name: Allianz Life
Entity Type: Insurance Firm
Industry: Insurance
Location: United States
Size: 1.4 million customers (U.S.)
Customers Affected: 1.1 million

Entity Name: Salesforce
Entity Type: Customer Relationship Management (CRM) Platform
Industry: Technology/Cloud Services
Location: Global
Size: Enterprise
Customers Affected: 2.5 billion (Google advisory) + 2.8 million (Allianz Life records)

Entity Name: Allianz Life
Entity Type: Insurance Provider
Industry: Financial Services
Location: Global (HQ: Germany/USA)
Size: Enterprise
Customers Affected: 2.8 million

Entity Name: Google
Entity Type: Technology Company
Industry: Internet Services
Location: Global
Size: Enterprise
Customers Affected: 2.5 billion (security advisory)

Entity Name: Qantas
Entity Type: Airline
Industry: Aviation
Location: Australia
Size: Enterprise

Entity Name: Pandora
Entity Type: Jewelry Retailer
Industry: Retail
Location: Global
Size: Enterprise

Entity Name: Adidas
Entity Type: Sportswear Manufacturer
Industry: Retail
Location: Global
Size: Enterprise

Entity Name: Chanel
Entity Type: Luxury Fashion
Industry: Retail
Location: Global
Size: Enterprise

Entity Name: Tiffany & Co.
Entity Type: Luxury Jewelry
Industry: Retail
Location: Global
Size: Enterprise

Entity Name: Cisco
Entity Type: Networking Hardware
Industry: Technology
Location: Global
Size: Enterprise

Entity Name: AT&T
Entity Type: Telecommunications
Industry: Telecom
Location: USA
Size: Enterprise
Customers Affected: 73 million (2021 breach)

Entity Type: Small and Medium-Sized Enterprises (SMEs), Retailers, Manufacturers, Professional Services Firms
Industry: Retail (Most Targeted in H1 2025), Manufacturing, Professional Services
Location: Global (with focus on regions with low cyber insurance penetration)
Size: Small to Mid-Sized Firms
Customers Affected: Millions (due to supply chain/retail breaches)

Entity Name: Allianz Life
Entity Type: Insurance Company
Industry: Financial Services
Location: North America (primarily U.S.)
Customers Affected: 1,497,036

Entity Name: WestJet
Entity Type: Airline
Industry: Aviation/Transportation
Location: Canada (affected U.S. customers: 1.2 million)
Customers Affected: 1,200,000 (U.S. customers only; total not specified)

Entity Name: Motility Software Solutions
Entity Type: Software Provider
Industry: Automotive (RV/powersports dealerships)
Location: Ohio, U.S.
Customers Affected: 766,670

Entity Name: Allianz Life Insurance Company of North America
Entity Type: Subsidiary
Industry: Financial Services, Insurance
Location: Minneapolis, Minnesota, USA
Size: Large (Subsidiary of Allianz SE, Serving 128M+ Customers Globally)
Customers Affected: 1,497,036 individuals

Entity Name: Allianz Life Insurance
Entity Type: Insurance Company
Industry: Financial Services / Insurance
Customers Affected: 1,500,000

Entity Name: Unspecified Large Insured Companies (Multinationals)
Entity Type: Corporation
Industry: Manufacturing (33% of large claims), Professional Services (18%), Retail (9%)
Location: Global (Focus on Asia/Latin America for SMEs)
Size: Large (Improved Resilience) & SMEs (Higher Targeting)

Entity Name: Small and Medium-Sized Enterprises (SMEs)
Entity Type: Business
Industry: Cross-Sector (Retail Highlighted)
Location: Global (Emphasis on Asia/Latin America)
Size: Small to Mid-Sized

Communication Strategy: Notifications to affected individuals within 30 days

Incident Response Plan Activated: True
Containment Measures: Immediate action to contain and mitigate the issue
Recovery Measures: Offering 24 months of identity theft protection and credit monitoring
Communication Strategy: Notifying impacted individuals

Law Enforcement Notified: FBI notified
Containment Measures: Immediate action to contain and mitigate the issue
Communication Strategy: Process of reaching out to individuals impacted with dedicated resources

Law Enforcement Notified: FBI
Containment Measures: Measures to contain the intrusion
Communication Strategy: Notifying affected individuals

Third Party Assistance: Kroll

Communication Strategy: Public Advisory (via media reports), Encouraging customers to check exposure via HaveIBeenPwned and Google Password Checkup

Incident Response Plan Activated: Yes (investigation ongoing)
Remediation Measures: Two years of identity monitoring services for impacted individuals
Communication Strategy: Breach notification via Have I Been Pwned; spokesperson declined further comment during investigation

Communication Strategy: Google Security Advisory to 2.5B Users

Incident Response Plan Activated: Yes (for insured firms with preparedness)
Third Party Assistance: Cyber Insurance Providers (e.g., Allianz), Forensic Investigators, Legal Counsel.
Containment Measures: Network Segmentation, Isolation of Affected Systems, Revoking Compromised Credentials
Remediation Measures: Patching Vulnerabilities, Enhanced Authentication (MFA), Data Recovery from Backups
Recovery Measures: Business Continuity Plans, Supplier Risk Assessments, Customer Notification (if data breached)
Communication Strategy: Transparent Disclosure (for insured firms), Regulatory Reporting (DORA/NIS2 compliance)
Network Segmentation: Critical for limiting lateral movement
Enhanced Monitoring: Early detection reduced losses by 1,000x

Incident Response Plan Activated: True
Third Party Assistance: Forensic Investigators (Implied).
Remediation Measures: Identity protection and credit monitoring services (Allianz: 2 years; WestJet: 2 years; Motility: 12 months)
Communication Strategy: Public disclosures (Maine AG filings), customer notifications, advisories to exercise caution

Incident Response Plan Activated: True
Third Party Assistance: Cybersecurity Experts (Unnamed), Kroll (Identity Monitoring Services).
Law Enforcement Notified: FBI
Containment Measures: Isolation of Compromised Third-Party CRM, Internal Investigation
Recovery Measures: Customer Notifications (Began 2025-08-01), Offer of 2 Years of Complimentary Identity Monitoring (Kroll)
Communication Strategy: Maine Attorney General’s Office Filing, Direct Customer Notifications, Public Advisory on Protective Measures

Communication Strategy: Public disclosure of the breach

Incident Response Plan Activated: True
Third Party Assistance: Cyber Insurance Providers (e.g., Allianz Commercial), Law Enforcement (International Coordination).
Containment Measures: Early Detection/Response (Reduces Costs by 1,000x), Business Continuity Plans
Incident Response Plan: The company's incident response plan is described as: Yes (investigation ongoing); Yes (for insured firms with preparedness).
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll (identity monitoring services), cyber insurance providers (e.g., Allianz, Allianz Commercial), forensic investigators (in one incident implied), legal counsel, unnamed cybersecurity experts, and law enforcement (international coordination).

Type of Data Compromised: Personally Identifiable Information
Number of Records Exposed: Majority of 1.4 million
Sensitivity of Data: High

Type of Data Compromised: Personally identifiable information
Number of Records Exposed: Majority of 1.4 million customers
Sensitivity of Data: High

Type of Data Compromised: Personally Identifiable Information
Number of Records Exposed: Majority of 1.4 million customers
Data Exfiltration: Yes
Personally Identifiable Information: Yes

Type of Data Compromised: Full names, Postal addresses, Dates of birth, Social security numbers (ssns)
Number of Records Exposed: 1.4 million
Sensitivity of Data: High
Personally Identifiable Information: Full names, Postal addresses, Dates of birth, Social Security numbers (SSNs)

Type of Data Compromised: Personal Information
Number of Records Exposed: 597

Type of Data Compromised: Personally identifiable information (pii), Financial identification data (tax ids, ssns), Contact information, Business partner data
Number of Records Exposed: 2.8 million
Sensitivity of Data: High (Includes SSNs, Tax IDs, and full PII for identity theft)
Data Exfiltration: Yes (via Telegram channel)
Personally Identifiable Information: Names, Addresses, Phone Numbers, Dates of Birth, Tax Identification Numbers, Social Security Numbers

Type of Data Compromised: Personal information, Personally identifiable information (pii)
Number of Records Exposed: 1,100,000
Sensitivity of Data: High (PII including names, addresses, phone numbers, emails)
Data Exfiltration: Yes
Personally Identifiable Information: Yes

Type of Data Compromised: Personally identifiable information (pii), Corporate partner data
Number of Records Exposed: 2.8 million (Allianz Life) + 73 million (AT&T, 2021)
Sensitivity of Data: High
Data Exfiltration: Yes (Publicly Released on Telegram)
Personally Identifiable Information: Yes

Type of Data Compromised: Personally identifiable information (pii), Financial records, Corporate intellectual property
Sensitivity of Data: High (PII, payment data)
Data Exfiltration: Primary tactic (more common than encryption)
Data Encryption: Secondary (still used in 60% of large claims)
Personally Identifiable Information: Frequently targeted in retail breaches

Type of Data Compromised: Names, addresses, dates of birth, ssns (allianz life), Names, contact details, reservation/travel documents, relationship data (westjet), Full names, home/email addresses, phone numbers, dates of birth, ssns, driver’s license numbers (motility)
Number of Records Exposed: 3,700,000+ (aggregated across all three companies)
Sensitivity of Data: High (PII including SSNs and driver’s license numbers)
Data Encryption: Motility: Files encrypted by ransomware before exfiltration

Type of Data Compromised: Personally identifiable information (pii), Sensitive personal data
Number of Records Exposed: 1,497,036
Sensitivity of Data: High (Includes SSNs, Dates of Birth, Email Addresses)
Personally Identifiable Information: Names, Addresses, Dates of Birth, Social Security Numbers, Email Addresses

Type of Data Compromised: Sensitive personal data
Number of Records Exposed: 1,500,000
Sensitivity of Data: High
Personally Identifiable Information: Yes

Type of Data Compromised: Personally identifiable information (pii), Corporate data (exfiltrated in 40% of large claims)
Sensitivity of Data: High (PII, Financial Data in Retail)
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: two years of identity monitoring services for impacted individuals; patching vulnerabilities; enhanced authentication (MFA); data recovery from backups; identity protection and credit monitoring services (Allianz: 2 years; WestJet: 2 years; Motility: 12 months).
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through immediate action to contain and mitigate the issue, measures to contain the intrusion, network segmentation, isolation of affected systems, revoking compromised credentials, isolation of the compromised third-party CRM, internal investigation, early detection/response (reduces costs by 1,000x), and business continuity plans.

Data Exfiltration: Yes (via Vishing & Cloud Access)

Data Encryption: Used in 60% of large claims (>€1M)
Data Exfiltration: Dominant tactic (88% of SME breaches)

Data Encryption: Motility: Partial encryption of internal systems
Data Exfiltration: Motility: Limited files removed pre-encryption

Data Exfiltration: True
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through: offering 24 months of identity theft protection and credit monitoring; business continuity plans; supplier risk assessments; customer notification (if data breached); customer notifications (began 2025-08-01); an offer of 2 years of complimentary identity monitoring (Kroll).

Regulations Violated: Maine’s data breach notification law
Regulatory Notifications: Maine’s attorney general

Regulatory Notifications: Maine Attorney General's Office

Regulatory Notifications: Mandatory filing with Maine's Attorney General's Office

Regulatory Notifications: Attorney General’s office in Texas and Massachusetts

Regulations Violated: Digital Operational Resilience Act (DORA) - EU, NIS2 Directive - EU, Sector-Specific Privacy Laws (e.g., GDPR)
Legal Actions: 1,500+ privacy litigation cases (US, 2024)
Regulatory Notifications: Mandatory under DORA/NIS2 for critical sectors

Regulatory Notifications: Filed with Maine Attorney General’s Office (all three companies)

Regulatory Notifications: Maine Attorney General’s Office

Regulations Violated: Data Privacy Laws (e.g., GDPR), Sector-Specific Regulations
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through 1,500+ privacy litigation cases (US, 2024).

Lessons Learned: An essential shift in how businesses approach risk management, prioritizing a comprehensive understanding of both new and old threats to maintain operational resilience and security.

Lessons Learned: Ransomware groups may leak data even if ransom is paid; assume worst-case scenarios in response planning. Salesforce instances can be high-value targets for mass data exfiltration. Proactive customer communication and tools (e.g., HaveIBeenPwned) are critical for mitigating post-breach risks. Multi-factor authentication and password hygiene are essential to prevent downstream phishing/identity theft.

Lessons Learned: Vishing attacks leveraging deepfake/AI voice cloning are increasingly effective and difficult to detect. Collaboration between cybercrime groups (e.g., ShinyHunters, Scattered Spider, Lapsus$) amplifies threat capabilities. Targeting cloud platforms like Salesforce enables access to multiple victims' data in a single breach. Traditional MFA methods (e.g., SMS codes) are vulnerable to social engineering; phishing-resistant MFA (e.g., number matching, geo-verification) is critical. Employee training must include scenario-based vishing simulations to improve detection rates.

Lessons Learned: SMEs are now primary targets due to weaker defenses compared to large enterprises. Data exfiltration is more profitable and easier than encryption for attackers. Basic controls (MFA, patching, backups) drastically reduce financial impact. Supply chain and cloud security are critical but often overlooked. Tabletop exercises and business continuity planning improve resilience. Regulatory compliance (DORA, NIS2) will raise the bar for mid-sized firms.

Lessons Learned: Early detection/containment reduces costs exponentially (1,000x lower impact). Business continuity plans mitigate >50% of claim costs (business interruption). SMEs remain highly vulnerable (88% of breaches vs. 39% in large firms). Double extortion (ransomware + data theft) is rising (40% of large claims in H1 2025). Cyber insurance improves resilience (70% loss impact increase for insureds vs. 250% for uninsured over 4 years). Seasonal risks (e.g., Black Friday) require heightened vigilance.

Recommendations: Prioritizing digital security and comprehensive risk management.

Recommendations: Enhanced cybersecurity measures across the insurance industry

Recommendations: Monitor dark web/Telegram channels for further leaks. Offer credit monitoring/identity theft protection to affected customers. Conduct a forensic audit of Salesforce and related systems. Implement stricter access controls and anomaly detection for cloud platforms. Educate customers on phishing risks and fraud prevention.

Recommendations: Implement phishing-resistant MFA (e.g., FIDO2, number matching, geo-verification). Conduct regular vishing simulation exercises for employees, especially IT helpdesk and support teams. Enforce multi-layer verification for sensitive actions (e.g., on-camera ID checks, challenge questions not publicly available). Monitor dark web/Telegram channels for leaked credentials or extortion announcements. Adopt zero-trust principles, particularly for cloud-based CRM/ERP platforms. Collaborate with industry peers to share threat intelligence on emerging vishing tactics. Deploy AI-based anomaly detection for voice communications in call centers/IT support.

Recommendations: Implement MFA and network segmentation to limit lateral movement; Conduct regular patching and backup testing; Train employees on social engineering (e.g., phishing, fake help desk calls); Assess third-party/supplier cybersecurity risks; Adopt cyber insurance to mitigate financial and operational risks; Prepare for DORA/NIS2 compliance if operating in the EU; Use tabletop exercises to test incident response plans; Monitor dark web for stolen credentials/data.

Recommendations: Enable multi-factor authentication (MFA) on sensitive accounts; Place fraud alerts or credit freezes with major credit bureaus; Regularly review financial statements for unauthorized activity; Remain vigilant against phishing and credential stuffing attempts; Third-party vendors should enhance security protocols against social engineering attacks.

Recommendations: Implement robust detection/response capabilities (e.g., EDR, SIEM); Develop and test business continuity plans to reduce interruption costs; Prioritize supply chain security and third-party risk management; Enhance employee training to counter social engineering (e.g., impersonation attacks); Leverage cyber insurance for risk transfer and incident response support; Strengthen data privacy compliance to avoid regulatory fines; Monitor dark web for stolen data (especially for SMEs); Prepare for seasonal threats (e.g., holiday shopping periods).
Key Lessons Learned: The key lessons learned from past incidents are: An essential shift in how businesses approach risk management, prioritizing a comprehensive understanding of both new and old threats to maintain operational resilience and security. Ransomware groups may leak data even if the ransom is paid; assume worst-case scenarios in response planning. Salesforce instances can be high-value targets for mass data exfiltration. Proactive customer communication and tools (e.g., HaveIBeenPwned) are critical for mitigating post-breach risks. Multi-factor authentication and password hygiene are essential to prevent downstream phishing/identity theft. Vishing attacks leveraging deepfake/AI voice cloning are increasingly effective and difficult to detect. Collaboration between cybercrime groups (e.g., ShinyHunters, Scattered Spider, Lapsus$) amplifies threat capabilities. Targeting cloud platforms like Salesforce enables access to multiple victims' data in a single breach. Traditional MFA methods (e.g., SMS codes) are vulnerable to social engineering; phishing-resistant MFA (e.g., number matching, geo-verification) is critical. Employee training must include scenario-based vishing simulations to improve detection rates. SMEs are now primary targets due to weaker defenses compared to large enterprises. Data exfiltration is more profitable and easier than encryption for attackers. Basic controls (MFA, patching, backups) drastically reduce financial impact. Supply chain and cloud security are critical but often overlooked. Tabletop exercises and business continuity planning improve resilience. Regulatory compliance (DORA, NIS2) will raise the bar for mid-sized firms. Early detection/containment reduces costs exponentially (1,000x lower impact). Business continuity plans mitigate >50% of claim costs (business interruption). SMEs remain highly vulnerable (88% of breaches vs. 39% in large firms). Double extortion (ransomware + data theft) is rising (40% of large claims in H1 2025). Cyber insurance improves resilience (70% loss impact increase for insureds vs. 250% for uninsured over 4 years). Seasonal risks (e.g., Black Friday) require heightened vigilance.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Assess third-party/supplier cybersecurity risks; Implement MFA and network segmentation to limit lateral movement; Adopt cyber insurance to mitigate financial and operational risks; Train employees on social engineering (e.g., phishing, fake help desk calls); Monitor dark web for stolen credentials/data; Prepare for DORA/NIS2 compliance if operating in the EU; Enhanced cybersecurity measures across the insurance industry; Conduct regular patching and backup testing; Prioritize digital security and comprehensive risk management; Use tabletop exercises to test incident response plans.

Source: Allianz Risk Barometer

Source: Company spokesperson Brett Weinberg

Source: Company Statement
Date Accessed: 2023-07-22

Source: BleepingComputer

Source: TechCrunch

Source: Maine Office of the Attorney General
Date Accessed: 2024-12-10

Source: TechRadar

Source: HaveIBeenPwned
URL: https://haveibeenpwned.com

Source: Google Password Checkup
URL: https://passwords.google.com/checkup

Source: Have I Been Pwned
Date Accessed: 2024-08-12

Source: Reuters (Reporting by Juby Babu; Editing by Mohammed Safi Shamsi and Alan Barona)
Date Accessed: 2024-08-12

Source: The Conversation (Article on ShinyHunters Vishing Attacks)

Source: Google Security Advisory (2.5B User Alert)

Source: Telegram Post by ShinyHunters (Allianz Life Data Dump)
Date Accessed: 2024-08-mid

Source: Allianz Cyber Security Resilience 2025 Report
URL: https://www.allianz.com/en/press/news/reports/250627-cyber-security-resilience-2025.html
Date Accessed: 2025-06-27

Source: Allianz Commercial - Global Cyber Insurance Market Projections
URL: https://commercial.allianz.com/en/insights/press-releases/cyber-insurance-market-to-double-by-2030.html
Date Accessed: 2025-06-30

Source: The Register
URL: https://www.theregister.com/2023/10/XX/allianz_westjet_motility_breaches/

Source: Maine Attorney General’s Office (Allianz Life filing)

Source: Maine Attorney General’s Office (WestJet filing)

Source: Maine Attorney General’s Office (Motility filing)

Source: Maine Attorney General’s Office Filing

Source: Have I Been Pwned (Breach Monitoring Service)
URL: https://haveibeenpwned.com

Source: Allianz Commercial - Cyber Security Resilience Outlook (2025 Mid-Year Report)
Date Accessed: 2025-06-30

Source: Verizon Data Breach Investigations Report (DBIR)
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the sources listed above.

Investigation Status: Ongoing

Investigation Status: Ongoing (publicly disclosed, but no official resolution details)

Investigation Status: Ongoing (Telegram channel taken down; no public updates on arrests or further breaches)

Investigation Status: Ongoing (trend analysis based on H1 2025 claims data)

Investigation Status: Allianz Life: Ongoing/completed (not specified); WestJet: Completed (ended September 15, 2023); Motility: Completed (forensic investigation concluded)

Investigation Status: Ongoing (Internal Investigation with Cybersecurity Experts)

Investigation Status: Confirmed (publicly disclosed)

Investigation Status: Ongoing (Trend Analysis)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through: notifications to affected individuals within 30 days; notifying impacted individuals; a process of reaching out to impacted individuals with dedicated resources; notifying affected individuals; public advisory (via media reports); encouraging customers to check exposure via HaveIBeenPwned and Google Password Checkup; breach notification via Have I Been Pwned (spokesperson declined further comment during investigation); Google security advisory to 2.5B users; transparent disclosure (for insured firms); regulatory reporting (DORA/NIS2 compliance); public disclosures (Maine AG filings); customer notifications; advisories to exercise caution; Maine Attorney General’s Office filing; direct customer notifications; public advisory on protective measures; and public disclosure of the breach.

Customer Advisories: Planned around August 1, 2025

Customer Advisories: Placeholder notification issued

Customer Advisories: Notifying affected individuals on August 1

Customer Advisories: Check exposure via HaveIBeenPwned or Google Password Checkup. Be vigilant for phishing attempts and identity theft (e.g., fraudulent loans, tax filings). Consider freezing credit reports if SSNs were exposed.

Customer Advisories: Two years of identity monitoring services provided to impacted individuals

Stakeholder Advisories: Google's global security advisory to users.
Customer Advisories: Google urged users to enable advanced security measures (e.g., phishing-resistant MFA)

Stakeholder Advisories: Mid-sized firms urged to adopt cyber insurance and basic controls. Retailers advised to secure customer data and supply chains. EU organizations must prepare for DORA/NIS2 compliance deadlines.
Customer Advisories: Monitor financial accounts for fraud (if data breached). Report suspicious communications (e.g., phishing, fake support calls).

Stakeholder Advisories: All companies notified affected individuals and offered credit monitoring.
Customer Advisories: WestJet: Encouraged staff/customers to exercise caution; Allianz/Motility: Provided identity protection services

Stakeholder Advisories: FBI notification; public disclosure via Maine AG Office.
Customer Advisories: Written notifications sent to affected individuals (starting 2025-08-01). Offer of 2 years of Kroll Identity Monitoring Services (single-bureau credit monitoring, fraud consultation, identity theft restoration). Guidance on protective measures (MFA, credit freezes, vigilance against phishing).

Stakeholder Advisories: Heightened risk during holiday seasons (Black Friday to year-end). SMEs urged to adopt cyber insurance and basic hygiene measures. Large firms advised to share threat intelligence with supply chains.
Customer Advisories: Retail customers: Monitor financial accounts for fraud during holidays. SME customers: Implement multi-factor authentication (MFA) and backups.
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Planned around August 1, 2025; Placeholder notification issued; Notifying affected individuals on August 1; Check exposure via HaveIBeenPwned or Google Password Checkup; Be vigilant for phishing attempts and identity theft (e.g., fraudulent loans, tax filings); Consider freezing credit reports if SSNs were exposed; Two years of identity monitoring services provided to impacted individuals; Google's global security advisory to users; Google urged users to enable advanced security measures (e.g., phishing-resistant MFA); Mid-sized firms urged to adopt cyber insurance and basic controls; Retailers advised to secure customer data and supply chains; EU organizations must prepare for DORA/NIS2 compliance deadlines; Monitor financial accounts for fraud (if data breached); Report suspicious communications (e.g., phishing, fake support calls); All companies notified affected individuals and offered credit monitoring; WestJet: encouraged staff/customers to exercise caution, Allianz/Motility: provided identity protection services; FBI notification and public disclosure via Maine AG Office; Written notifications sent to affected individuals (starting 2025-08-01); Offer of 2 years of Kroll Identity Monitoring Services (single-bureau credit monitoring, fraud consultation, identity theft restoration); Guidance on protective measures (MFA, credit freezes, vigilance against phishing); Heightened risk during holiday seasons (Black Friday to year-end); SMEs urged to adopt cyber insurance and basic hygiene measures; Large firms advised to share threat intelligence with supply chains; Retail customers: monitor financial accounts for fraud during holidays; SME customers: implement multi-factor authentication (MFA) and backups.

Entry Point: Third-party, cloud-based CRM system

Entry Point: Third-party Cloud-based System

Entry Point: Third-party, cloud-based CRM system

Entry Point: Third-party cloud-based CRM system

Entry Point: Likely via compromised Salesforce instances
High Value Targets: Customer PII, business partner data
Data Sold on Dark Web: Customer PII, business partner data

Entry Point: IT Helpdesk Impersonation via Vishing Calls
High Value Targets: Salesforce admins, IT support staff, executives with cloud access
Data Sold on Dark Web: Salesforce admins, IT support staff, executives with cloud access

Entry Point: Compromised credentials (most common), phishing emails, fake help desk calls (e.g., Scattered Spider), exploited vulnerabilities in supply chain
Reconnaissance Period: Often <24 hours (rapid movement to ransomware)
High Value Targets: Retailer databases (PII/payment data), manufacturing supply chain systems, cloud-stored corporate data
Data Sold on Dark Web: Retailer databases (PII/payment data), manufacturing supply chain systems, cloud-stored corporate data

Entry Point: Third-party CRM provider (Allianz Life)
High Value Targets: Customer PII (all three companies)
Data Sold on Dark Web: Customer PII (all three companies)

Entry Point: Third-party cloud-based CRM system (via social engineering)
High Value Targets: Customer PII (SSNs, dates of birth, email addresses)
Data Sold on Dark Web: Customer PII (SSNs, dates of birth, email addresses)

Entry Point: Social engineering (employee impersonation), digital supply chain exploits, unpatched vulnerabilities (SMEs)
High Value Targets: Retail sector (PII, payment data), manufacturing (IP, operational data), professional services (client data)
Data Sold on Dark Web: Retail sector (PII, payment data), manufacturing (IP, operational data), professional services (client data)

Root Causes: Social engineering attacks

Root Causes: Unspecified vulnerability in Salesforce or related systems; possible insufficient access controls or monitoring; failure to prevent data exfiltration post-compromise

Root Causes: Over-reliance on traditional MFA (SMS/email codes) susceptible to vishing; lack of employee awareness/training on AI-enhanced social engineering; insufficient verification protocols for high-privilege access requests; cloud platform (Salesforce) becoming a single point of failure for multiple organizations' data
Corrective Actions: Migrate to phishing-resistant MFA across all systems; implement behavioral analytics for voice-based authentication attempts; establish cross-company red-team exercises focusing on vishing scenarios; enhance logging/monitoring for unusual access patterns in cloud platforms; develop playbooks for responding to collaborative cybercrime group attacks

Root Causes: Lack of basic controls (MFA, patching) in SMEs; over-reliance on perimeter security (no segmentation); poor employee training on social engineering; supply chain/vendor security gaps; delayed detection and response
Corrective Actions: Mandate MFA and least-privilege access; implement network segmentation and zero-trust principles; conduct regular phishing simulations and security training; audit third-party vendors for cybersecurity risks; deploy EDR/XDR for early threat detection; test backups and incident response plans quarterly

Corrective Actions: Credit monitoring services; customer notifications

Root Causes: Successful social engineering attack targeting third-party CRM vendor; impersonation of IT personnel to gain unauthorized remote access; exploitation of Salesforce Data Loader tool (suspected)

Root Causes: Inadequate detection/response (SMEs); over-reliance on digital supply chains; lack of employee awareness (social engineering); seasonal operational strains (e.g., holiday staffing)
Corrective Actions: Mandate cyber insurance for SMEs in high-risk sectors; expand law enforcement coordination for ransomware disruption; promote adoption of NIST/CIS controls for baseline security; incentivize threat intelligence sharing among industries
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as involving: Kroll; cyber insurance providers (e.g., Allianz); forensic investigators; legal counsel; early detection (reduced losses by 1,000x); forensic investigators (implied); cybersecurity experts (unnamed); Kroll (identity monitoring services); cyber insurance providers (e.g., Allianz Commercial); law enforcement (international coordination).
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Migrate to phishing-resistant MFA across all systems; implement behavioral analytics for voice-based authentication attempts; establish cross-company red-team exercises focusing on vishing scenarios; enhance logging/monitoring for unusual access patterns in cloud platforms; develop playbooks for responding to collaborative cybercrime group attacks; mandate MFA and least-privilege access; implement network segmentation and zero-trust principles; conduct regular phishing simulations and security training; audit third-party vendors for cybersecurity risks; deploy EDR/XDR for early threat detection; test backups and incident response plans quarterly; credit monitoring services; customer notifications; mandate cyber insurance for SMEs in high-risk sectors; expand law enforcement coordination for ransomware disruption; promote adoption of NIST/CIS controls for baseline security; incentivize threat intelligence sharing among industries.
Ransom Payment History: The company has Paid ransoms in the past.
Last Attacking Group: The attacking group in the last incident was: Scattered Spider (UNC3944, Octo Tempest); Malicious Threat Actor; ShinyHunters; ShinyHunters / Scattered Spider / Lapsus$; ShinyHunters / Scattered Spider (UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, Muddled Libra) / Lapsus$; Scattered Spider, opportunistic cybercriminal groups, initial access brokers (IABs), ransomware-as-a-service (RaaS) affiliates; Scattered Spider (WestJet), unnamed actor (Allianz Life), unnamed actor (Motility Software Solutions); and ShinyHunters (suspected).
Most Recent Incident Detected: The most recent incident detected was on 2025-07-16.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-06-30.
Most Significant Data Compromised: The most significant data compromised in an incident were: personally identifiable information; full names; postal addresses; dates of birth; Social Security numbers (SSNs); personal information; names, addresses, phone numbers, tax identification numbers; business partner records; emails; customer records; corporate partner data; personal data (retailers); payment information; sensitive corporate data; email addresses; sensitive personal data; SME ransomware breaches: 88% (vs. 39% in large firms); large claims with data theft: 40% (up from 25% in 2024).
Most Significant System Affected: The most significant system affected in an incident was: third-party cloud-based system; Salesforce instances; Salesforce customer management platform; retailer IT systems, manufacturing supply chains, professional services firms, cloud environments; CRM systems (Allianz Life), online services and mobile app (WestJet), internal systems (Motility Software Solutions); and third-party cloud-based CRM system.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was: Kroll; cyber insurance providers (e.g., Allianz); forensic investigators; legal counsel; forensic investigators (implied); cybersecurity experts (unnamed); Kroll (identity monitoring services); cyber insurance providers (e.g., Allianz Commercial); law enforcement (international coordination).
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: immediate action to contain and mitigate the issue; measures to contain the intrusion; network segmentation, isolation of affected systems, revoking compromised credentials; isolation of compromised third-party CRM and internal investigation; early detection/response (reduces costs by 1,000x) and business continuity plans.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were: phone numbers, personally identifiable information, full names, sensitive corporate data, addresses, dates of birth, names, Social Security numbers (SSNs), payment information, corporate partner data, business partner records, tax identification numbers, customer records, emails, sensitive personal data, email addresses, postal addresses, personal information and personal data (retailers).
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 92.0M.
Highest Ransom Paid: The highest ransom paid in a ransomware incident was Likely not paid (data leaked).
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was 1,500+ privacy litigation cases (US, 2024).
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Seasonal risks (e.g., Black Friday) require heightened vigilance.
Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: implement MFA and network segmentation to limit lateral movement; enforce multi-layer verification for sensitive actions (e.g., on-camera ID checks, challenge questions not publicly available); train employees on social engineering (e.g., phishing, fake help desk calls); educate customers on phishing risks and fraud prevention; enhance employee training to counter social engineering (e.g., impersonation attacks); conduct regular vishing simulation exercises for employees, especially IT helpdesk and support teams; deploy AI-based anomaly detection for voice communications in call centers/IT support; collaborate with industry peers to share threat intelligence on emerging vishing tactics; assess third-party/supplier cybersecurity risks; regularly review financial statements for unauthorized activity; adopt cyber insurance to mitigate financial and operational risks; conduct a forensic audit of Salesforce and related systems; prepare for DORA/NIS2 compliance if operating in the EU; implement robust detection/response capabilities (e.g., EDR, SIEM); offer credit monitoring/identity theft protection to affected customers; adopt zero-trust principles, particularly for cloud-based CRM/ERP platforms; prioritize digital security and comprehensive risk management; third-party vendors should enhance security protocols against social engineering attacks; leverage cyber insurance for risk transfer and incident response support; remain vigilant against phishing and credential stuffing attempts; place fraud alerts or credit freezes with major credit bureaus; implement phishing-resistant MFA (e.g., FIDO2, number matching, geo-verification); monitor dark web/Telegram channels for leaked credentials, stolen data or extortion announcements (especially for SMEs); enhanced cybersecurity measures across the insurance industry; prepare for seasonal threats (e.g., holiday shopping periods); use tabletop exercises to test incident response plans; implement stricter access controls and anomaly detection for cloud platforms; enable multi-factor authentication (MFA) on sensitive accounts; develop and test business continuity plans to reduce interruption costs; strengthen data privacy compliance to avoid regulatory fines; prioritize supply chain security and third-party risk management; and conduct regular patching and backup testing.
Most Recent Source: The most recent sources of information about an incident are company spokesperson Brett Weinberg; Have I Been Pwned (breach monitoring service); Maine Attorney General's Office filings (Motility, WestJet, Allianz Life); The Register; TechRadar; TechCrunch; Reuters (reporting by Juby Babu; editing by Mohammed Safi Shamsi and Alan Barona); Allianz Cyber Security Resilience 2025 Report; Google Password Checkup; Verizon Data Breach Investigations Report (DBIR); Google Security Advisory (2.5B user alert); The Conversation (article on ShinyHunters vishing attacks); Allianz Risk Barometer; Allianz Commercial - Global Cyber Insurance Market Projections; Telegram post by ShinyHunters (Allianz Life data dump); BleepingComputer; company statement; and Allianz Commercial - Cyber Security Resilience Outlook (2025 Mid-Year Report).
Most Recent URL for Additional Resources: The most recent URLs for additional resources on cybersecurity best practices are https://haveibeenpwned.com, https://passwords.google.com/checkup, https://www.allianz.com/en/press/news/reports/250627-cyber-security-resilience-2025.html, https://commercial.allianz.com/en/insights/press-releases/cyber-insurance-market-to-double-by-2030.html and https://www.theregister.com/2023/10/XX/allianz_westjet_motility_breaches/.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were Google's global security advisory to users; mid-sized firms urged to adopt cyber insurance and basic controls; retailers advised to secure customer data and supply chains; EU organizations must prepare for DORA/NIS2 compliance deadlines; all companies notified affected individuals and offered credit monitoring; FBI notification; public disclosure via the Maine AG Office; heightened risk during holiday seasons (Black Friday to year-end); SMEs urged to adopt cyber insurance and basic hygiene measures; and large firms advised to share threat intelligence with supply chains.
Most Recent Customer Advisory: The most recent customer advisories issued were: notification planned around August 1, 2025; placeholder notification issued; notifying affected individuals on August 1; check exposure via HaveIBeenPwned or Google Password Checkup, be vigilant for phishing attempts and identity theft (e.g., fraudulent loans, tax filings), and consider freezing credit reports if SSNs were exposed; two years of identity monitoring services provided to impacted individuals; Google urged users to enable advanced security measures (e.g., phishing-resistant MFA); monitor financial accounts for fraud (if data breached) and report suspicious communications (e.g., phishing, fake support calls); WestJet: encouraged staff/customers to exercise caution; Allianz/Motility: provided identity protection services; written notifications sent to affected individuals (starting 2025-08-01), with an offer of 2 years of Kroll Identity Monitoring Services (single-bureau credit monitoring, fraud consultation, identity theft restoration) and guidance on protective measures (MFA, credit freezes, vigilance against phishing); retail customers: monitor financial accounts for fraud during holidays; SME customers: implement multi-factor authentication (MFA) and backups.
Most Recent Entry Point: The most recent entry points used by an initial access broker were a third-party cloud-based CRM system (via social engineering), IT helpdesk impersonation via vishing calls, and likely compromised Salesforce instances.
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Often <24 hours (rapid movement to ransomware).
Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: social engineering attacks; unspecified vulnerability in Salesforce or related systems; possible insufficient access controls or monitoring; failure to prevent data exfiltration post-compromise; over-reliance on traditional MFA (SMS/email codes) susceptible to vishing; lack of employee awareness/training on AI-enhanced social engineering; insufficient verification protocols for high-privilege access requests; cloud platform (Salesforce) becoming a single point of failure for multiple organizations' data; lack of basic controls (MFA, patching) in SMEs; over-reliance on perimeter security (no segmentation); poor employee training on social engineering; supply chain/vendor security gaps; delayed detection and response; successful social engineering attack targeting third-party CRM vendor; impersonation of IT personnel to gain unauthorized remote access; exploitation of Salesforce Data Loader tool (suspected); inadequate detection/response (SMEs); over-reliance on digital supply chains; and seasonal operational strains (e.g., holiday staffing).
Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: migrate to phishing-resistant MFA across all systems; implement behavioral analytics for voice-based authentication attempts; establish cross-company red-team exercises focusing on vishing scenarios; enhance logging/monitoring for unusual access patterns in cloud platforms; develop playbooks for responding to collaborative cybercrime group attacks; mandate MFA and least-privilege access; implement network segmentation and zero-trust principles; conduct regular phishing simulations and security training; audit third-party vendors for cybersecurity risks; deploy EDR/XDR for early threat detection; test backups and incident response plans quarterly; credit monitoring services and customer notifications; mandate cyber insurance for SMEs in high-risk sectors; expand law enforcement coordination for ransomware disruption; promote adoption of NIST/CIS Controls for baseline security; and incentivize threat intelligence sharing among industries.
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a credential leak by app logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that decides whether a request is cross-origin by checking whether the request URL starts with a protocol (http:// or https://). If the URL instead starts with a protocol-relative prefix (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
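The same-origin decision described above, as an added example that is not Angular's code: a scheme-prefix test in the style of the pre-patch check beside an origin comparison that resolves the URL the way a browser would. The application origin, token and URLs are constructed, and the origin-comparison approach is an assumed hardening, not the exact Angular patch.

```javascript
// Added example (not Angular's source). A token-attachment decision built two
// ways: a scheme-prefix test in the style of the pre-patch check, and an
// origin comparison that resolves the URL the way a browser would.

// Pre-patch style: "cross-origin" only if the URL starts with http:// or https://.
// A protocol-relative URL (//host/path) passes this test as same-origin.
function naiveIsCrossOrigin(url) {
  return /^https?:\/\//i.test(url);
}

// Hardened check (assumed approach, not the exact Angular patch): resolve the
// request URL against the application origin, then compare origins.
// "//evil.example/api" resolves to "https://evil.example/api" when the app
// runs on https, so it is correctly classed as cross-origin.
function isCrossOrigin(url, appOrigin) {
  const resolved = new URL(url, appOrigin);
  return resolved.origin !== new URL(appOrigin).origin;
}

// Builds request headers; the XSRF token is attached only for same-origin targets.
function buildHeaders(url, appOrigin, xsrfToken, crossOriginCheck = isCrossOrigin) {
  const headers = { 'Content-Type': 'application/json' };
  if (xsrfToken && !crossOriginCheck(url, appOrigin)) {
    headers['X-XSRF-TOKEN'] = xsrfToken;
  }
  return headers;
}

// Constructed demo values, not real hosts or tokens.
const APP_ORIGIN = 'https://app.example';
const DEMO_TOKEN = 'demo-xsrf-token';

if (typeof require !== 'undefined' && require.main === module) {
  for (const url of ['/api/policies', '//evil.example/api', 'https://other.example/api']) {
    const naive = buildHeaders(url, APP_ORIGIN, DEMO_TOKEN, naiveIsCrossOrigin)['X-XSRF-TOKEN'];
    const hardened = buildHeaders(url, APP_ORIGIN, DEMO_TOKEN)['X-XSRF-TOKEN'];
    console.log(url, '| naive:', naive ?? '(no token)', '| hardened:', hardened ?? '(no token)');
  }
}
```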
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
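The defensive counterpart to the recursion problem described above, as an added example that is not node-forge's code: a DER walker that refuses to recurse past a fixed depth, so deeply nested constructed elements raise an error rather than growing the call stack without limit. The depth limit is an assumed policy and the nested sample input is constructed.

```javascript
// Added example, not node-forge's code: a DER walker that stops recursing at
// a fixed depth, so deeply nested constructed elements raise an error instead
// of consuming stack without limit. The depth limit is an assumed policy.

const MAX_DEPTH = 32;

// Walks a run of DER TLVs, recursing into constructed elements (tag bit 0x20).
// Returns the number of elements seen; throws on malformed lengths or on
// nesting deeper than MAX_DEPTH.
function walkDer(bytes, depth = 0) {
  if (depth > MAX_DEPTH) throw new Error('ASN.1 nesting too deep');
  let count = 0;
  let i = 0;
  while (i < bytes.length) {
    const tag = bytes[i++];
    let len = bytes[i++];
    if (len & 0x80) {                          // long form: next n bytes hold the length
      const n = len & 0x7f;
      len = 0;
      if (n === 0 || n > 4) throw new Error('unsupported length encoding');
      for (let k = 0; k < n; k++) len = len * 256 + (bytes[i++] ?? NaN);
    }
    // Written as a negated <= so a missing length byte (undefined/NaN) also fails.
    if (!(i + len <= bytes.length)) throw new Error('length exceeds buffer');
    if (tag & 0x20) count += walkDer(bytes.subarray(i, i + len), depth + 1);
    count += 1;
    i += len;
  }
  return count;
}

// Constructed test input: n SEQUENCE wrappers around a NULL (n < 63 keeps
// every length in short form).
function nestSequences(n) {
  let out = Uint8Array.of(0x05, 0x00);
  for (let k = 0; k < n; k++) out = Uint8Array.of(0x30, out.length, ...out);
  return out;
}
```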
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
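The arc-width issue described above, as an added example that is not node-forge's code: a 32-bit OID arc decoder that wraps an oversized arc to a small value, beside a BigInt decoder with an explicit bound that rejects it. The 32-bit limit is an assumed policy and the byte sequences are constructed.

```javascript
// Added example, not node-forge's code. The content octets of an OBJECT
// IDENTIFIER are base-128 arcs, high bit set on all but the last byte. Two
// decoders: one using 32-bit arithmetic (wraps silently) and one using BigInt
// with an explicit bound (rejects oversized arcs).

const MAX_ARC = 0xFFFFFFFFn; // assumed policy: arcs wider than 32 bits are rejected

// The first encoded arc packs the first two OID components (X.690 8.19.4).
function splitFirstArc(arcs) {
  const first = arcs[0] < 80 ? Math.floor(arcs[0] / 40) : 2;
  return [first, arcs[0] - first * 40, ...arcs.slice(1)];
}

// 32-bit decoder in the pre-fix style, kept only to show the wrap: `<<` works
// on 32-bit integers, so bits above 32 are silently dropped.
function decodeOidTruncating(bytes) {
  const arcs = []; let v = 0;
  for (const b of bytes) {
    v = ((v << 7) | (b & 0x7f)) >>> 0;
    if ((b & 0x80) === 0) { arcs.push(v); v = 0; }
  }
  return splitFirstArc(arcs).join('.');
}

// Hardened decoder: BigInt accumulation checked against MAX_ARC on every
// byte, plus a check that the last arc was terminated rather than cut off.
function decodeOid(bytes) {
  const arcs = []; let v = 0n; let open = false;
  for (const b of bytes) {
    v = (v << 7n) | BigInt(b & 0x7f); open = true;
    if (v > MAX_ARC) throw new Error('OID arc exceeds 32-bit limit');
    if ((b & 0x80) === 0) { arcs.push(Number(v)); v = 0n; open = false; }
  }
  if (open || arcs.length === 0) throw new Error('truncated or empty OID');
  return splitFirstArc(arcs).join('.');
}

// Constructed inputs: 1.3.6.1.4.1, and the same prefix followed by an arc of
// 2^32 + 1 (encoded 90 80 80 80 01), which the 32-bit decoder reads as 1.
const OID_OK = Uint8Array.of(0x2b, 0x06, 0x01, 0x04, 0x01);
const OID_OVERSIZED = Uint8Array.of(0x2b, 0x06, 0x01, 0x04, 0x01, 0x90, 0x80, 0x80, 0x80, 0x01);
```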
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
