Allianz Life says majority of 1.4 million US customers’ info breached

Insurance company Allianz Life was breached, exposing the data of most of its 1.4 million American customers.

According to Allianz, an attacker gained access to a third-party, cloud-based Customer Relationship Management (CRM) system through social engineering. The company filed a data breach notification with the Attorney General of the US state of Maine on Friday July 25, 2025.

The incident reportedly took place on July 16, 2025 and was discovered one day later. According to a spokesperson:

“The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique.”

Although the company did not disclose an exact number of affected people, the Allianz Life has 1.4 million customers in the US. Its parent company, Allianz, has more than 125 million customers worldwide.

Allianz Life did not disclose the exact CRM system involved. However, in June, Google warned about a ransomware group that was specializing in voice phishing (vishing) campaigns that are specifically designed to compromise organizations’ Salesforce instances for large-scale data theft and extortion.

Google tracks this group as UNC6040, which the cybersecurity community commonly calls “The Com.” The group called Scattered Spider likely is the most well-known entity associated with The Com. Earlier this month we reported that Scattered Spider breached Australia’s largest airline Qantas by gaining access to a third-party platform, utilizing social engineering.

If Scattered Spider was indeed behind the Allianz data breach, they will extort the company by threatening to release the acquired data or sell it to the highest bidder.

The data breach notification indicates that Allianz plans to start informing affected consumers as of August 1, 2025.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online and helps you recover after.