Massive Allianz Life data breach impacts 1.1 million people

Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July. Allianz Life has nearly 2,000 employees in the United States and is a subsidiary of Allianz SE, which has over 128 million customers worldwide and ranks as the world's 82nd largest company based on revenue. As the company disclosed last month, information belonging to the "majority" of its 1.4 million customers was stolen by attackers who gained access to a third-party cloud CRM system on July 16th. While Allianz Life did not name the provider of the compromised cloud-based CRM system at the time of the disclosure, BleepingComputer first reported that the breach was part of a wave of Salesforce-targeted data theft attacks linked to the ShinyHunters extortion group. Since the attack, ShinyHunters has leaked the databases stolen from the company's Salesforce instances, containing roughly 2.8 million data records for individual customers and business partners, including wealth management companies, financial advisors, and brokers. On Monday, data breach notification service Have I Been Pwned revealed the extent of the incident, reporting that the email addresses, names, genders, dates of birth, phone numbers, and physical addresses of 1.1 million Allianz Life customers were stolen during the breach. BleepingComputer has also confirmed with multiple people affected by this breach that their data (including their tax IDs, phone numbers, email addresses, and other information) in the leaked files is accurate. Many other high-profile companies worldwide were also breached in this campaign, including Google, Adidas, Qantas, Louis Vuitton, Dior, Tiffany & Co., Chanel, and, most recently, human resources giant Workday. The attacks are believed to have begun at the start of the year, with the threat actors tricking employees into linking a malicious OAuth app to their company's Salesforce instance. Once connected, the attackers downloaded and stole company databases, later using the data to extort victims via email. These extortion demands were signed as coming from ShinyHunters, a well-known extortion group linked to a string of high-profile breaches over the years, including the Snowflake attacks and those against AT&T and PowerSchool. An Allianz Life spokesperson was not immediately available to confirm Have I Been Pwned's findings when contacted by BleepingComputer earlier today.