Hackers Leak 2.8 Million Sensitive Records from Allianz Life in Salesforce Data Breach

Recently, hackers leaked a staggering 2.8 million sensitive records from Allianz Life, one of the US's largest insurance companies, as part of an ongoing data breach on the Salesforce platform.

The breach, which was confirmed by Allianz Life spokesperson Brett Weinberg, exposed personal information of most of the company's 1.4 million customers, including business partners and financial professionals.

According to reports, the attack began when a threat actor gained access to a third-party CRM system used by Allianz Life on July 16, 2025, using social engineering tactics. The malicious actor obtained personally identifiable data related to the majority of Allianz Life's customers, financial professionals, and select employees.

The investigation into the breach is still ongoing, with Allianz Life taking immediate action to contain and mitigate the incident. The company has notified the FBI and emphasized that there is no evidence that its internal network or critical systems, including its policy administration system, were accessed.

What Data Was Leaked?

The leaked data includes sensitive personal details such as names, addresses, phone numbers, birth dates, and Tax IDs, alongside professional information like licenses, firm affiliations, product approvals, and marketing classifications.

A total of 2.8 million records were compromised, including:

  • Salesforce "Accounts" table: containing data on business partners
  • Salesforce "Contacts" table: containing data on individual customers
  • Other sensitive information, such as license details and firm affiliations

The Threat Actor Behind the Attack?

The breach is believed to be linked to the ShinyHunters group, a notorious hacking crew known for stealing data from major organizations.

Bleeping Computer reported that ShinyHunters offered the stolen data for sale, and the group has also claimed credit for other major breaches, including Tokopedia, Homechef, Chatbooks.com, Microsoft, Santander, Ticketmaster, and AT&T.

What's Next for Allianz Life?

Allianz Life has begun notifying affected individuals and offering dedicated support. The company has also disclosed the data breach in a filing with Maine's Attorney General's Office.

The investigation is still ongoing, and it remains to be seen how this breach will impact Allianz Life's reputation and business operations.

Stay Safe Online

As we see more data breaches like this one, it's essential to remember that online security is a shared responsibility. By being vigilant and taking steps to protect our personal information, we can reduce the risk of falling victim to these types of attacks.

Follow us on Twitter: @securityaffairs and Facebook for the latest updates on cybersecurity news and trends.