Clop Ransomware Group Lists Allianz UK Following Oracle EBS Breach

Allianz UK, the UK-based subsidiary of global financial services firm Allianz, has reported a compromise of its Oracle E-Business Suite. The disclosure comes after the company was listed on the Clop ransomware group’s data leak site.

 

Recently, The Register reported that the group of threat actors responsible for the data security incident confirmed that it has stolen confidential data from Allianz-owned British insurer Liverpool Victoria (LV). 

 

Allianz UK, which operates as LV= General Insurance, stated that the incident affected customer data but did not impact LV pension customers or related systems. The company confirmed that data belonging to 80 current customers and 670 former customers was compromised, and all affected individuals have been notified and offered support.

 

The breach occurred through Allianz UK’s Oracle E-Business Suite, which supports its personal lines operations, including products such as home, car, pet, travel, and other personal insurance offerings.

 

Oracle E-Business Suite (EBS) is a widely used enterprise software system that manages various business functions such as finance, logistics, and customer relations. Recently, it has been at the center of major cybersecurity incidents, with the Clop ransomware group exploiting zero-day vulnerabilities that enabled unauthorised remote access and data exfiltration.

 

The Clop ransomware group used this vulnerability to conduct widespread extortion campaigns, posting stolen data on dark web leak sites and threatening victims with data publication unless ransoms were paid.

 

Recently, a seller on a dark-web forum, operating under the handle “yeestge33,” has offered a substantial database of confidential information claiming to have been taken from Allianz Group’s German subsidiary.

 

 

 

According to the threat actor’s post, the database reportedly contains 3 million records belonging to users aged 25 and older. The stolen data is said to include phone numbers, indexes, stock buyback information, income details, gender, age range, policy terms, policy increases, Allianz share information, and currency fields.

 

Allianz Group has not yet issued a statement regarding the threat actor’s claims.