Allianz Life data breach exposed data of most of 1.4M customers via third-party CRM hack using social engineering.
Allianz Life confirmed a data breach exposing personal information of most of its 1.4 million customers. On July 16, 2025, a threat actor accessed a third-party CRM system using social engineering, compromising the data of customers, financial professionals, and some employees.
When reached by TechCrunch, Allianz Life spokesperson Brett Weinberg confirmed the breach.
“On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life,” the company spokesperson Brett Weinberg told TechCrunch. “The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,”
The Insurance firm stated that it took immediate action to contain and mitigate the incident and notified the FBI. The company emphasized that, so far, there is no evidence that its internal network or critical systems, including its policy administration system, were accessed. The investigation is still ongoing, and Allianz Life has begun notifying affected individuals, offering dedicated support.
The company disclosed the data breach in a filing with Maine’s Attorney General’s Office.
Allianz Life is among several insurance companies recently hit by cyberattacks, including Aflac, in a wave linked to the cybercrime group Scattered Spider.
Although Allianz Life declined to name the threat actor behind the attack, Bleeping Computer reported the breach is believed to be linked to the ShinyHunters group.
ShinyHunters is a popular hacking crew that is known to have offered for sale data stolen from tens of major organizations, including Tokopedia, Homechef, Chatbooks.com, Microsoft, Santander, Ticketmaster, and AT&T.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
