Allianz Life reports third party attack exposing most of 1.4 million customers
Learn More
Allianz Life Insurance of North America has confirmed that hackers successfully accessed and stole personal information belonging to the majority of its 1.4 million customers through a social engineering attack targeting a third-party cloud-based system.
The cyberattack occurred on July 16, 2025, when hackers gained access to a third-party, cloud-based customer relationship management (CRM) system used by Allianz Life. The company discovered the breach on July 17, 2025, began containment efforts and notified federal law enforcement authorities, including the FBI. Exposed data includes:
- Customer personal information and identifiers
- Financial professional data
- Select employee information
- All data stored within the affected CRM system
Allianz Life Insurance claims that its own internal network and other systems, were not accessed during the attack.
The breach impacts the "majority" of Allianz Life's 1.4 million customers, suggesting that approximately 700,000 to over 1 million individuals may be affected. The exact number has not been disclosed.
Security experts have attributed this attack to the Scattered Spider hacking collective.
The breach was later explained as voice phishing social engineering attack that enabled hackers to access the Salesforce instance of Allianz Life.
Allianz Life is providing affected individuals with 24 months of identity theft protection and credit monitoring services at no cost. The protection package includes credit monitoring, current credit reports, web monitoring, public persona monitoring, quick cash scanning, $1 million identity fraud loss reimbursement, fraud consultation, and identity theft restoration services.
The company plans to begin notifying affected individuals around August 1, 2025, and has urged customers to remain vigilant about potential misuse of their personal information.
Update - As of 12th of August, Hackers have leaked 2.8 million records stolen during the breach of the Salesforce instance of Allianz Life. The leaked data includes:
- names,
- addresses,
- phone numbers,
- dates of birth,
- Tax Identification Numbers
- licenses
- firm affiliations,
- product approvals,
- marketing classifications.
BleepingComputer was able to confirm with multiple people that their data in the leaked files is accurate, including their phone numbers, email addresses, tax IDs, and other information contained in the database.
As of 18th of August 2025, Have I Been Pwned, reports that they are documenting 1.1 million affected individuals. and that the exposed data includes:
- names,
- gender,
- date of birth,
- email and home addresses,
- phone numbers
As of 30th of September 2025, according to an update on the Maine Attorney General’s Office filing, the data breach impacted a total of 1,497,036 individuals nationwide.
