Allianz Life’s recent investigation into a cyberattack it suffered in July has concluded, revealing that nearly 1.5 million individuals were impacted. The American insurance company is now notifying all potentially affected individuals, including customers, financial professionals, and employees, that their personal information—names, addresses, dates of birth, and Social Security numbers—was compromised in the breach.
In late July, American insurer Allianz Life publicly disclosed that it had suffered a cyberattack that impacted many of its customers. The breach was the result of a threat actor gaining access to a third-party, cloud-based Customer Relationship Management (CRM) system that the company used. Although the company did not officially confirm the source of the attack, cybersecurity news outlet BleepingComputer has since learned that the breach was likely carried out by the ShinyHunters extortion group, as part of a larger wave of attacks targeting Salesforce.
Three weeks after the incident was first disclosed, the data breach notification service Have I Been Pwned obtained the breached data and reported that the number of impacted individuals was 1.1 million. However, Allianz Life has since completed its investigation and determined that the total number of persons affected is higher, at 1,497,036. This number includes not only customers, but also financial professionals and company employees.
According to a notice from Allianz Life, “a malicious threat actor gained access to a cloud-based system used by Allianz Life” on July 16, 2025. The notice confirms that the threat actor was able to obtain certain personal information related to the company’s customers, financial professionals, and select employees. While Have I Been Pwned had previously reported that the breached data included email addresses, genders, and phone numbers, the official company notification only lists names, addresses, dates of birth, and Social Security numbers as being compromised.
To help mitigate the risk of identity theft, Allianz Life has included instructions for affected individuals to enroll in a free two-year identity theft monitoring service from Kroll. The company has also set up a dedicated support team that can be reached by phone to answer any customer questions about the incident.
The company advises all potentially impacted individuals to remain vigilant against unsolicited communications, enable credit monitoring, and consider placing a credit freeze on their accounts. These steps can help protect them from potential fraud or misuse of their personal information following the breach.
Reference:
