Allianz Life breach exposed data of most of its 1.4M customers; HIBP lists 1.1M impacted, though the insurer hasn’t confirmed exact figures.
In July, Allianz Life disclosed a breach where hackers stole data from a cloud database, affecting most of its 1.4M customers and staff. Now, the data breach notification site Have I Been Pwned reports 1.1M impacted, though Allianz has not confirmed exact numbers.
At the end of July, Allianz Life confirmed a data breach exposing personal information of most of its 1.4 million customers. On July 16, 2025, a threat actor accessed a third-party CRM system using social engineering, compromising the data of customers, financial professionals, and some employees.
When reached by TechCrunch, Allianz Life spokesperson Brett Weinberg confirmed the breach.
“On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life,” the company spokesperson Brett Weinberg told TechCrunch. “The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,”
The Insurance firm stated that it took immediate action to contain and mitigate the incident and notified the FBI. The company emphasized that, so far, there is no evidence that its internal network or critical systems, including its policy administration system, were accessed. The investigation is still ongoing, and Allianz Life has begun notifying affected individuals, offering dedicated support.
The company disclosed the data breach in a filing with Maine’s Attorney General’s Office.
According to Have I Been Pwned, the incident affected 1.1 million customers. Exposed data includes dates of birth, email addresses, genders, names, phone numbers, and physical addresses.
Although Allianz Life declined to name the threat actor behind the attack, Bleeping Computer reported the breach is believed to be linked to the ShinyHunters group.
ShinyHunters is a popular hacking crew that is known to have offered for sale data stolen from tens of major organizations, including Tokopedia, Homechef, Chatbooks.com, Microsoft, Santander, Ticketmaster, and AT&T.
Over the weekend, ShinyHunters and other hacking crews (“Scattered Spider” and “Lapsus$“) formed a Telegram channel “ScatteredLapsuSp1d3rHunters” to claim credit and taunt over major breaches, including Allianz Life’s leaked Salesforce data.
Threat actors claimed responsibility for the Allianz Life attack and leaked complete databases stolen from the company’s Salesforce instances. The leaked files include Salesforce “Accounts” and “Contacts” tables, containing about 2.8 million records of individual customers and business partners. The exposed data includes sensitive personal details such as names, addresses, phone numbers, birth dates, and Tax IDs, alongside professional info like licenses, firm affiliations, product approvals, and marketing classifications.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)