A massive data breach at Allianz Life has compromised the personal information of over one million U.S. customers, part of a wave of global attacks tied to a notorious hacking group.
Quick Summary – TLDR:
- Hackers accessed Allianz Life’s cloud-based Salesforce system, stealing data on 1.1 million people
- Exposed details include names, emails, phone numbers, birthdates, and some Social Security numbers
- The breach is linked to the ShinyHunters group, behind recent attacks on tech giants like Google and Workday
- Allianz is offering identity monitoring services while an investigation continues
What Happened?
In mid-July, Allianz Life fell victim to a targeted cyberattack that breached its Salesforce-hosted customer database. The breach was disclosed publicly in late July, but fresh details have emerged through data breach tracking site Have I Been Pwned. It’s now confirmed that 1.1 million customers had personal data stolen.
The Salesforce Entry Point
The breach originated from a third-party cloud-based customer relationship management (CRM) system, which BleepingComputer identified as Salesforce. Hackers exploited a known weakness by tricking employees into connecting a malicious OAuth app to the system. This allowed attackers to extract massive datasets without triggering immediate alarms.
- Date of Breach: July 16, 2025
- System compromised: Salesforce CRM
- Stolen information includes:
- Names, genders, and dates of birth
- Email and physical addresses
- Phone numbers
- In some cases, Social Security numbers and tax identification numbers
Allianz Life, a subsidiary of global insurance giant Allianz SE, serves about 1.4 million customers in the U.S. The leaked database also contains records from financial advisors, brokers, and wealth management firms tied to Allianz’s services.
New breach: Allianz Life had 1.1M unique email addresses breached last month via a social engineering attack. Data included name, phone number, physical address, DoB and gender. 72% were already in @haveibeenpwned. Read more: https://t.co/0o8j7qu8eO
— Have I Been Pwned (@haveibeenpwned) August 18, 2025
ShinyHunters Behind the Attack
Cybersecurity investigators have traced this attack to ShinyHunters, an extortionist group responsible for a wave of recent high-profile intrusions. Their tactics involve social engineering, targeting employees to gain access to internal systems. Once inside, they exfiltrate sensitive databases and demand payment to prevent public leaks.
This campaign has affected a long list of major corporations, including:
The group is now reportedly preparing a public leak portal to pressure victims. Their behavior has been compared to ransomware operations, though they often skip encryption and go straight to extortion.
Allianz’s Response
An Allianz Life spokesperson said the company is continuing its internal investigation and has not commented on the total number of victims. However, it has notified regulators in states like Texas and Massachusetts, disclosing that Social Security numbers were among the stolen data in some cases.
To mitigate the damage, Allianz Life is offering two years of identity monitoring services to all affected individuals.
SQ Magazine Takeaway
I’ve seen plenty of data breaches, but this one’s different because it shows just how vulnerable even cloud giants like Salesforce can be when human error opens the door. If you’re an Allianz Life customer, this is serious. Hackers now have enough information to pull off identity theft, phishing scams, or worse. I think every company using third-party platforms needs to rethink their access controls and staff training. This isn’t just about firewalls anymore. It’s about trust.
