Allianz Life data breach exposes personal information of majority of US customers

A cyberattack on Allianz Life Insurance Company of North America has compromised personal information belonging to the majority of its 1.4 million U.S. customers, the firm’s German parent company confirmed this week.

According to a legal filing submitted to the Maine Attorney General’s office, the breach occurred on July 16, 2025, when hackers exploited a third-party, cloud-based customer relationship management (CRM) platform used by Allianz Life. The breach was discovered the following day.

In a statement shared with multiple outlets, Allianz said the attackers used a social engineering tactic to gain unauthorized access and extract personally identifiable information related to customers, financial professionals, and certain employees. The company emphasized that the breach was limited to its U.S. operations and did not impact its global network.

"Based on the investigation so far, there’s no indication that internal systems or the broader Allianz network were accessed," the company said, noting that core platforms, including its policy administration system, remain unaffected.

Allianz reported that it took immediate action to secure affected systems and has notified the Federal Bureau of Investigation. The company is also working with federal authorities and cybersecurity experts to investigate the incident and mitigate its impact.

Though Allianz did not disclose the exact number of individuals affected or specify the types of data exposed, the firm confirmed that the breach involved a significant portion of its North American customer base. The company has begun contacting those impacted and said it is taking steps to provide support.

The incident, first reported by TechCrunch, highlights the increasing vulnerability of financial institutions to sophisticated cyberattacks, particularly those involving third-party cloud services. Experts warn that the growing reliance on external platforms and the prevalence of social engineering techniques are placing sensitive consumer data at heightened risk.