Allianz Life discloses massive data breach linked to supply-chain attack

Allianz Life Insurance Company of North America on Friday disclosed a massive data breach affecting most of the firm’s 1.4 million U.S. customers, professionals and select employees.

In a statement, the Minneapolis-based insurance provider said a hacker used social engineering to breach one of its cloud vendors on July 16 and steal most of its customers’ personally identifiable information. The company said it discovered the intrusion the next day.

The breach was the result of a social engineering attack, according to the company’s filing with the Maine Attorney General’s office. Allianz said it responded immediately after discovering the hack and notified the FBI. 

The disclosure follows a months-long international attack spree linked to the cybercrime collective Scattered Spider, which has used voice phishing techniques to target a range of industries, including insurance providers. 

Last week, Philadelphia Indemnity Insurance disclosed a massive breach. And in June, Aflac and Erie Insurance disclosed that they had fallen victim to cyberattacks.

Allianz Life, a subsidiary of the German firm Allianz SE, said it had no evidence that the hacker had accessed the company’s own computer networks, including its policy administration system. 

The company’s filing with the Maine AG’s office includes a placeholder copy of its breach notice, with the company promising to share a full copy of the letter once it identifies all of the affected customers