What vulnerability was exploited in the Allianz UK attack?

The attack exploited CVE-2025-61882, a zero-day vulnerability with a CVSS score of 9.8. This vulnerability allowed attackers to gain access to Allianz UK's Oracle E-Business Suite platform.

What type of data was compromised in the Allianz UK breach?

The exposed data is described as customer information, though Allianz UK has not disclosed details beyond this general description.

Who claimed responsibility for the Allianz UK cyberattack?

The Clop ransomware gang claimed responsibility for the cyberattack on Allianz UK.

Was Liverpool Victoria (LV) affected by the breach?

No, Liverpool Victoria (LV) was not affected. While cybercriminals initially claimed to have breached LV, which is an Allianz UK subsidiary, Allianz UK confirmed that the actual target was its own systems and there was no impact on LV pension customers or related infrastructure.

What actions did Allianz UK take after the breach?

Allianz UK contacted all 750 impacted individuals directly and offered support services. The company also reported the incident to the United Kingdom's Information Commissioner's Office (ICO).

Incident

Allianz UK reports breach through compromise of Oracle E-Business Suite

Q: What happened to Allianz UK?

Allianz UK was compromised in a cyberattack claimed by the Clop ransomware gang, which exploited a zero-day vulnerability in Oracle E-Business Suite (EBS) systems. Customer data was compromised after cybercriminals initially claimed to have breached its subsidiary, Liverpool Victoria (LV), but Allianz UK clarified that the actual target was its own systems with no impact on LV pension customers or related infrastructure.

Q: Is this the first Allianz breach in 2025?

No, this incident is separate from a previous breach that affected Allianz Life, the company's United States subsidiary, in July 2025.

published: Nov. 10, 2025

Learn More

Allianz UK is reporting that it was compromised in a cyberattack claimed by the Clop ransomware gang, which exploited a zero-day vulnerability in Oracle E-Business Suite (EBS) systems. The insurance giant reports that customer data was compromised after cybercriminals initially claimed to have breached its subsidiary, Liverpool Victoria (LV). Allianz UK claims that the actual target was its own systems, with no impact on LV pension customers or related infrastructure.

The attack exploited CVE-2025-61882 (CVSS score 9.8), which allowed attackers access to Allianz UK's Oracle EBS platform. The exposed data is not disclosed in detail other than reporting "Customer information".

A total of 750 Allianz UK customers were affected by the breach, comprising 80 current policyholders and 670 former customers. All impacted individuals have been contacted directly by the company and offered support services. Allianz UK has reported the incident to the United Kingdom's Information Commissioner's Office (ICO).

This incident is separate from a previous breach that affected Allianz Life, the company's United States subsidiary, in July 2025.

Allianz UK reports breach through compromise of Oracle E-Business Suite