2.8M Allianz Life customer records stolen in Salesforce hack

A sophisticated cyberattack on Allianz Life Insurance Company of North America has resulted in the breach of personal data belonging to a majority of its 1.4 million U.S. customers. The incident, which occurred on July 16, 2025, is believed to be the work of the notorious hacking group ShinyHunters or the financially motivated collective known as Scattered Spider.

The breach was not a direct assault on Allianz's own servers but rather a strike against a third-party cloud-based customer relationship management (CRM) system, widely reported to be Salesforce. The attackers employed social engineering techniques, specifically “vishing” or voice phishing, to trick employees into granting them access to the system. This method of attack, which relies on human manipulation rather than technical exploits, has become increasingly common in high-stakes cybercrime.

Once inside the CRM, the hackers were able to exfiltrate a vast trove of sensitive data, including customers’ full names, addresses, dates of birth, Social Security numbers, and policy information. Later reports indicated that as many as 2.8 million records were leaked online. The compromised information also extended to financial professionals and some Allianz Life employees.

Allianz Life, a subsidiary of the German financial services giant Allianz SE, confirmed the breach and stated that it took immediate action to contain the threat and notify the FBI. “The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,” a company spokesperson said in a statement. The company has emphasized that its internal systems, including its policy administration platform, were not affected by the breach.

In the wake of the attack, Allianz has begun notifying affected individuals and has offered them 24 months of free credit monitoring and identity theft protection services through Kroll. However, the company is already facing a class-action lawsuit filed on behalf of affected customers, alleging that the insurer failed to adequately protect their personal information.

Allianz Life Insurance Company of North America was sued by a Texas citizen seeking to represent a nationwide class of those impacted by a data breach announced by the carrier earlier this month. https://t.co/i9DwW5nFpp

— Bloomberg Law (@BLaw) July 30, 2025

 
The incident has sent ripples through the cybersecurity community. Security experts have pointed to the breach as a stark reminder of the vulnerabilities inherent in third-party vendor relationships (analysis) and the need for more robust security protocols, including encryption-in-use technology. As one expert from Paperclip Inc. noted, “The Allianz breach underscores a critical flaw in today’s data security stack-once attackers gain access, they often gain everything.”

Here’s a replacement paragraph in plain markdown you can paste into your editor:

The Allianz Life breach is part of a broader pattern rather than an isolated failure: in mid-2025 Google disclosed a nearly identical Salesforce intrusion driven by voice-phishing that coerced employees into approving a malicious connected app, enabling bulk data exports-details Google laid out in its incident update. Reporters have also tracked this as an ongoing wave of Salesforce data-theft attacks hitting multiple organizations, not just Google, with the same social-engineering playbook and extortion follow-ups documented here. Taken together, these cases underscore that modern risk often concentrates in third-party SaaS and the human layer-and they argue for hardening CRM platforms specifically: strict controls on connected-app approvals, out-of-band verification for MFA reset/IT calls, tight OAuth scope monitoring, IP allow-listing, and continuous user training.