Allianz Life data breach affects 1.1 million customers

In a significant security breach reported in July, Allianz Life, a major player in the U.S. insurance market, revealed that hackers successfully accessed the personal data of approximately 1.1 million customers. This alarming information was highlighted by the data breach notification platform, Have I Been Pwned. The company confirmed that the breach affected a substantial portion of its 1.4 million customers, as well as some employees, all of whom had their details compromised from a cloud-based customer relationship management database. Although Allianz Life has not provided a precise number of individuals impacted, the breach is extensive. According to Have I Been Pwned, the stolen data encompasses critical personal details, including names, genders, dates of birth, email addresses, home addresses, and phone numbers. These records originated from a database managed by Salesforce, a leading cloud service provider. Allianz Life also informed regulatory authorities in Texas and Massachusetts that Social Security numbers were part of the stolen information. Brett Weinberg, a spokesperson for Allianz Life, indicated that the investigation into the breach is still underway and declined to provide further comments to TechCrunch. This incident is part of a broader trend, as several prominent corporations have faced similar cyberattacks in recent months. The hacking group responsible, known as ShinyHunters, is notorious for utilizing social engineering tactics to deceive employees and gain access to sensitive company data. Other organizations, including tech giants like Google and Cisco, as well as airline company Qantas and retail chain Pandora, have also reported data thefts connected to Salesforce-hosted databases. ShinyHunters is reportedly setting up a data leak site, aiming to extort victims by demanding payment to erase the stolen data. This strategy mirrors tactics used by ransomware groups. The group is believed to have connections with other cybercriminal organizations, such as Scattered Spider and The Com, which engage in hacking, extortion, and even threats of violence to penetrate secure networks.