Allianz Life Discloses Data Breach Impacting Majority of Customers

An Allianz Life cloud system breach exposes sensitive personal data in targeted social engineering attack.

Breach exposes data of over a million customers

Personal information of most of Allianz Life Insurance’s 1.4 million policyholders was compromised  July 16 when a criminal infiltrated a third-party cloud-based customer relationship management (CRM) platform it uses, the company has confirmed.

The perpetrator used a social engineering technique to access sensitive information belonging to customers, financial professionals and some company employees.

Company responds as investigation unfolds

Allianz Life said in a statement that it took “immediate action” to mitigate the damage and notified the FBI shortly after discovering the breach. The company added that the intrusion was confined to the external CRM system and did not spread to its internal policy management infrastructure.

While the full scope of the breach has yet to be disclosed, the company has begun notifying affected individuals and establishing dedicated support resources. Allianz Life also said the incident only affected its US life insurance operations, and not the broader Allianz SE group.

ShinyHunters believed to be behind the attack

Although Allianz has not disclosed the identity of the attackers, cybersecurity sources indicated the breach may be linked to the notorious ShinyHunters group, according to BleepingComputer.

This cybercrime syndicate has been linked to the high-profile data breaches of Pizza Hut Australia, Ticketmaster and others.

ShinyHunters is notorious for its sophisticated social engineering tactics, particularly targeting users by impersonating IT staff. These attacks often lead to the siphoning of large datasets for use in extortion.

Preparing for data breaches

Although as a customer there is little you can do to prevent breaches from jeopardizing your personal data, that doesn’t mean you shouldn’t be prepared.

Dedicated software like Bitdefender Digital Identity Protection can help you monitor your online data, including traces from services you no longer use.

It constantly scans both the public and Dark Web, notifies you if you have been compromised by a breach, and helps you patch weak spots in your digital footprint with quick, one-click action items.