Have I Been Pwned has added Allianz Life to its breach notification database, confirming that cybercriminals compromised personal data belonging to more than 1.1 million individuals.
The breach stems from an attack on a cloud-based customer relationship management (CRM). Allianz Life disclosed the incident in a filing with the Maine attorney general’s office in late July.
“The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals and select Allianz Life employees,” Brett Weinberg, a spokesperson for Allianz Life, said last month.
According to the Have I Been Pwned notification, the exposed data includes names, addresses, phone numbers, and emails addresses. While Allianz itself is yet to confirm the number of impacted users, the listing estimates the figure at just over 1.1 million.
A spokesperson said Allianz will be providing dedicated resources, including two years of identity monitoring services, to assist impacted individuals.
According to Boris Cipot, Senior Security Engineer at Black Duck, “this information in the hands of skilled attackers can be dangerous for the affected customers due to phishing attacks, social engineering, and identity theft.”
He recommends that customers make use of the identity monitoring services, as well as being wary of any emails or calls that request information from them.
“Banks or governmental institutions will never ask for personal data like passwords or anything similar over the phone,” he said.
Attribution remains uncertain. However, some researchers have speculated about possible links to the ShinyHunters cyber extortion group, which is believed to be responsible for other high-profile data thefts involving CRM platforms, such as Adidas, Qantas, Louis Vuitton, Dior, Tiffany & Co, Chanel, and Workday.
The Allianz Life incident is the latest addition to Have I Been Pwned’s repository, which tracks more than 700 data breaches and helps individuals check whether their personal information has been exposed.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.