Allianz Life Security Breach Impacted 1.1 Million Customers

In a shocking revelation, Allianz Life, a leading insurer with over 1.4 million customers, has been hit by a significant security breach. The incident, which occurred in July 2025, exposed sensitive personal and professional information of most of the company's customers, staff, and financial professionals.

The breach was uncovered when a threat actor accessed a third-party CRM system using social engineering tactics. The malicious actor gained unauthorized access to the system on July 16, 2025, compromising the data of approximately 1.1 million individuals, according to Have I Been Pwned, a data breach notification site.

The Nature of the Exposed Data

The stolen data includes a range of sensitive information, such as:

  • Names and addresses
  • Email addresses and phone numbers
  • Birth dates and Tax IDs
  • Licenses, firm affiliations, product approvals, and marketing classifications (for professional individuals)

The breach also exposed data from Allianz Life's Salesforce instances, including approximately 2.8 million records of individual customers and business partners.

The Implications of the Breach

Despite taking immediate action to contain and mitigate the incident, the company has not confirmed exact figures on the number of affected individuals. Allianz Life has notified the FBI and is working closely with law enforcement agencies to investigate the breach.

The company emphasized that there is no evidence to suggest that its internal network or critical systems were accessed during the incident.

The Suspects Behind the Breach

Although Allianz Life declined to name the threat actor behind the attack, Bleeping Computer reported that the breach is believed to be linked to the ShinyHunters group – a popular hacking crew known for stealing data from major organizations.

The ShinyHunters group has been linked to numerous high-profile breaches in recent months, including those at Tokopedia, Homechef, Chatbooks.com, Microsoft, Santander, Ticketmaster, and AT&T. The group is infamous for selling stolen data on the dark web.

What's Next for Allianz Life

The incident has prompted Allianz Life to take swift action to support affected individuals. The company has begun notifying those who have been impacted by the breach, offering dedicated support and resources to help them secure their personal data.

The investigation into the breach is ongoing, and the company remains committed to cooperating with law enforcement agencies and working towards resolving the incident as quickly as possible.

Stay tuned for further updates on this developing story, and follow us on Twitter: @securityaffairs and Facebook and Mastodon for the latest news and analysis on cybersecurity breaches and incidents.