Majority of Allianz Life Customer Data Compromised via Third-Party CRM Breach
Allianz Life Insurance Company of North America has disclosed a significant data breach that impacted personal information belonging to most of its 1.4 million customers. The incident, which occurred on July 16, 2025, stemmed from a compromise of a cloud-based customer relationship management (CRM) system operated by a third-party provider.
A company spokesperson confirmed the breach, stating:
“On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life Insurance Company of North America (Allianz Life). The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique.”
According to the insurer, there is no indication that its core internal systems—such as its network or policy administration infrastructure—were accessed during the incident.
“We took immediate action to contain and mitigate the issue and notified the FBI. Based on our investigation to-date, there is no evidence the Allianz Life network or other company systems were accessed,” the spokesperson added.
Data Exposure Involves Customers, Employees, and Financial Professionals
The compromised data includes sensitive personally identifiable information (PII) linked to a wide range of stakeholders, including:
- Individual policyholders
- Financial professionals affiliated with Allianz Life
- A subset of Allianz Life employees
The company emphasized that the breach is limited to Allianz Life operations and does not impact other divisions of its parent company, Allianz SE.
Allianz Life has begun the process of contacting affected individuals. The company has also filed a preliminary notification with the Maine Attorney General’s Office, signaling its intent to provide consumer notices once all affected parties are fully identified.
“Our investigation is ongoing and we began the process of reaching out to individuals impacted with dedicated resources to assist them,” Allianz said in a statement.
Threat Actor Believed to Be ShinyHunters
While Allianz declined to disclose the identity of the threat actor or whether extortion demands were made, BleepingComputer has reported that the breach is believed to be the work of the ShinyHunters group.
ShinyHunters has been linked to several major data breaches in recent months, including attacks involving PowerSchool, AT&T, Santander, Ticketmaster, Neiman Marcus, and Cylance. The group is known for targeting third-party services, particularly cloud-based systems, as part of its operations.
Despite multiple arrests, including one in France this year, the group remains active. Just weeks before this incident, threat intelligence firm Mandiant had warned that ShinyHunters was using social engineering to target Salesforce CRM environments.
These recent attacks involve impersonating internal IT personnel and convincing victims to install or authorize connections to Salesforce Data Loader—a tool that allows export and manipulation of data from Salesforce platforms. Once access is granted, threat actors extract customer data and use it to pressure organizations.
While Allianz Life did not confirm whether the breached CRM was Salesforce, the company declined to answer direct questions about the software platform involved.
Allianz Life and Its Customer Base
Allianz Life is a major U.S. life insurance and annuity provider, serving over 1.4 million Americans. The company is a subsidiary of Allianz SE, a global financial group based in Germany that serves more than 128 million customers worldwide.
At the time of writing, no further details about the nature of the stolen data or how many individuals are confirmed impacted have been disclosed. The investigation is ongoing, and additional notifications are expected as Allianz Life continues its response efforts.
