Allianz Life, a U.S. subsidiary of Allianz SE, disclosed last month that information belonging to the majority of its 1.4 million customers was stolen by attackers who gained access to a third-party cloud CRM system. The breach occurred on July 16th. While the company did not name the provider of the compromised cloud system at the time, the breach was part of a larger wave of Salesforce-targeted data theft attacks.
The threat actors behind the attack are believed to be the ShinyHunters extortion group, a well-known entity linked to several high-profile breaches over the years. The group has since leaked the stolen databases, which contain approximately 2.8 million data records for individual customers and business partners, including financial advisors and wealth management companies.
On Monday, a data breach notification service revealed the extent of the incident, reporting that the email addresses, names, genders, dates of birth, phone numbers, and physical addresses of 1.1 million Allianz Life customers were stolen. Multiple affected individuals have also confirmed that their data found in the leaked files, including tax IDs, phone numbers, and email addresses, is accurate.
The attacks are believed to have started at the beginning of the year. The attackers tricked employees into linking a malicious OAuth app to their company’s Salesforce instance. Once the app was connected, the attackers were able to download and steal company databases. The data was then used to extort victims via email, with the demands signed as coming from ShinyHunters.
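For defenders, the pattern described above (a user authorizes an unvetted OAuth app, which then reads data in bulk) can be caught by correlating app-authorization events with the API reads that follow. The code below is an added example, not part of the original article or any vendor's tooling; the event schema, app names, allowlist, time window and row threshold are all assumptions.

```python
from datetime import datetime, timedelta

APPROVED_APPS = {"crm-sync-approved"}   # hypothetical allowlist of vetted connected apps
WINDOW = timedelta(hours=24)            # assumed correlation window after a grant
ROW_THRESHOLD = 100_000                 # assumed bulk-export threshold

# Constructed sample events in a hypothetical normalized schema
# (not a real Salesforce log format).
EVENTS = [
    {"ts": "2030-01-15T09:02:11", "type": "oauth_grant", "user": "a.lee", "app": "crm-sync-approved"},
    {"ts": "2030-01-15T09:05:40", "type": "oauth_grant", "user": "j.doe", "app": "ticket-helper-unknown"},
    {"ts": "2030-01-15T09:07:03", "type": "api_query", "user": "j.doe", "app": "ticket-helper-unknown", "rows": 90000},
    {"ts": "2030-01-15T09:09:48", "type": "api_query", "user": "j.doe", "app": "ticket-helper-unknown", "rows": 160000},
    {"ts": "2030-01-15T10:30:00", "type": "api_query", "user": "a.lee", "app": "crm-sync-approved", "rows": 500000},
    {"ts": "2030-01-16T08:00:00", "type": "oauth_grant", "user": "m.ray", "app": "calendar-addon-unknown"},
    {"ts": "2030-01-18T08:00:00", "type": "api_query", "user": "m.ray", "app": "calendar-addon-unknown", "rows": 300000},
]

def find_suspicious_grants(events, approved=APPROVED_APPS, window=WINDOW, row_threshold=ROW_THRESHOLD):
    """Flag grants to non-allowlisted apps; escalate when bulk reads follow."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically
    alerts = []
    for grant in events:
        if grant["type"] != "oauth_grant" or grant["app"] in approved:
            continue
        start = datetime.fromisoformat(grant["ts"])
        # Total rows read by the same user through the same app inside the window.
        rows = sum(
            e["rows"] for e in events
            if e["type"] == "api_query"
            and (e["user"], e["app"]) == (grant["user"], grant["app"])
            and start <= datetime.fromisoformat(e["ts"]) <= start + window
        )
        alerts.append({
            "user": grant["user"], "app": grant["app"], "granted_at": grant["ts"],
            "rows_read": rows,
            "severity": "high" if rows >= row_threshold else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_grants(EVENTS):
        print(alert)
```

An unapproved grant alone yields a medium alert so it can be reviewed and revoked before any export happens; the allowlisted app's large read is not flagged.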
This campaign also breached other high-profile companies worldwide, including Google, Adidas, Qantas, Louis Vuitton, Dior, Tiffany & Co., and Chanel. Most recently, human resources giant Workday was also impacted.