Allianz Life Data Breach Exposes 1.1 Million Records, Says Security Expert Troy Hunt

Noted security researcher Troy Hunt, who operates the popular data breach repository Have I Been Pwned, stated that the data breach involving Allianz Life Insurance compromised 1.1 million personal data records.

 

Earlier this month, Allianz Life revealed in a filing with the Maine Attorney General’s Office that hackers had breached a third-party, cloud-based customer relationship management platform it uses. The cyberattack occurred on July 16 and was discovered the following day.

 

In a statement shared with the media, Allianz confirmed that the attackers used a social engineering tactic to gain unauthorised access and exfiltrated sensitive personal information of customers, financial professionals, and certain employees. The company stressed that the breach was limited to its U.S. operations and did not affect its global network.

 

“Based on the investigation to date, there is no evidence that internal systems or the broader Allianz network were accessed,” the company stated, adding that its core platforms, including the policy administration system, wasn’t unaffected by the data security incident.

 

Although Allianz Life declined to name the threat actor behind the attack, the breach is believed to be linked to the ShinyHunters group. In fact, ShinyHunters, along with other threat actors claiming ties to ’Scattered Spider’ and ‘Lapsus$’, created a Telegram channel named ‘ScatteredLapsuSp1d3rHunters’ and publicly took credit for the breach.

 

The group leaked a database stolen from Allianz Life, containing approximately 2.8 million records of individual customers and business partners. The data includes sensitive personal information such as names, addresses, phone numbers, birth dates, and Tax IDs, as well as professional details like licenses, company affiliations, product approvals, and marketing classifications.

 

However, a recent analysis by the well-known data breach repository Have I Been Pwned revealed that the incident exposed 1.1 million personal data records, including names, email addresses, dates of birth, phone numbers, and physical addresses.

 

While Allianz Life has confirmed that the data security incident did expose personal information, the company has yet to disclose the number of individuals affected.