Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Major US insurance firm Allianz Life has revealed that a cyber attack on its network has led to the exfiltration of personal data of a majority of its US customers.
Allianz Life Insurance Company of North America told media that it detected a cyber attack this month that led to personal data being exfiltrated.
“On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life,” said an Allianz Life spokesperson.
“The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique.”
The company has also said that it took “immediate action” to contain the breach and had contacted the FBI.
It also said that there was “no evidence the Allianz Life network or other company systems were accessed, including our policy administration system”.
While the company did not disclose how many people were affected in its filing with the Maine Attorney General, the spokesperson said that a majority of the 1.4 million US customers were affected in the breach.
The company has not attributed the cyber attack to any hacking group yet, nor said if they had been notified by ransomware actors.
Allianz Life operates globally with 125 million customers worldwide. The company plans to notify its customers starting 1 August.
The world’s current most notorious hacking collective, Scattered Spider, was believed to have begun targeting US insurance companies back in June, according to Google threat intelligence researchers.
“Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry,” John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told tech and cyber publication BleepingComputer.
Hultquist said Scattered Spider typically focuses on one industry at a time, as was witnessed with the UK and US retail industries, and now appears to be targeting the US insurance industry.
He also said that companies in the industry should be on the lookout for social engineering attempts at call centres and help desks. Companies should also engage MFA, have good visibility over the entire organisation’s network and operations and require strong authentication criteria for accessing accounts.
Be the first to hear the latest developments in the cyber industry.
