Peter A Clarke

Allianz Life is one of America’s largest insurance companies. It has suffered a data breach where a majority of its customers’ personal information was stolen. While it concedes the extent of the mistake in broad terms it refused to put a number on those affected.  CBS reports that Allianz Insurance Company of North America has 1.4 million customers.

Access came through a third party cloud based CRM system used by the company. Third party access is now a preferred means of access by many hackers. Third party providers often have less extensive protections and it is often easier to get authorisations. 

The data breach is reported by Tech Crunch with Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack. Allianz filed notice of the data breach with the Maine Attorney General.

The Tech Crunch story provides:

U.S. insurance giant Allianz Life has confirmed to TechCrunch that hackers stole the personal information of the “majority” of its customers, financial professionals, and employees during a mid-July data breach.

When reached by TechCrunch, Allianz Life spokesperson Brett Weinberg confirmed the breach.

“On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life,” referring to a customer relationship management (CRM) database containing information on its customers. “The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,” the spokesperson said.

The company disclosed the data breach on Saturday in a legally required filing with Maine’s attorney general, but did not immediately provide a number of how many Allianz Life customers are affected. According to the spokesperson, Allianz Life has 1.4 million customers. Its parent company, Allianz, has more than 125 million customers worldwide.

Allianz Life said it notified the FBI, and added it had “no evidence” that any other systems on its network were compromised. 

The insurance giant would not say if it had received any communication from the hackers, such as a ransom note. The company also would not attribute the breach to a hacking group. 

Allianz Life is the latest company in the past month to have been hacked during a wave of data breaches targeting the wider insurance industry, including Aflac, a major provider of supplementary health insurance. Security researchers at Google said in June that they were “aware of multiple intrusions” across the insurance sector attributed to Scattered Spider, a collective of hackers and techniques that rely on social engineering techniques, such as deceptively calling and tricking helpdesks into granting them access to a company’s network. 

Prior to targeting insurance companies, the Scattered Spider hackers were seen targeting the U.K. retail industry, as well as the aviation and transportation sectors, and are historically known for hacks targeting Silicon Valley technology giants.

Per the Maine filing, Allianz plans to begin notifying affected individuals around August 1.

The Maine filing provides:

Entity Information

• • Type of Organization: Financial Services
  • Entity Name: Allianz Life Insurance Company of North America
  • Street Address: 5701 Golden Hills Drive
  • City: Minneapolis
  • State, or Country if outside the US: MN
  • Zip Code: 55416

Submitted By

• • Name: Alexander Sand
  • Title: Attorney
  • Firm name (if different than entity): Eversheds Sutherland
  • Telephone Number: (512) 721-2721
  • Email Address: alexandersand@eversheds-sutherland.com
  • Relationship to entity whose information was compromised: Outside counsel

Breach Information

• • Total number of persons affected (including residents): Unknown
  • Total number of Maine residents affected: Unknown
  • If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified:
  • Date(s) Breach Occured: July 16, 2025
  • Date Breach Discovered: July 17, 2025
  • Description of the Breach:
    • External system breach (hacking)
  • Information Acquired – Name or other personal identifier in combination with:

Notification and Protection Services

• • Type of Notification: Written
  • Date(s) of consumer notification: August 01, 2025
  • Copy of notice to affected Maine residents: Consumer_Notice_Placeholder.pdf
  • Date of any previous (within 12 months) breach notifications:
  • Were identity theft protection services offered: Yes
  • If yes, please provide the duration, the provider of the service and a brief description of the service: 24 months of identity theft restoration and credit monitoring through Kroll

The CBS report provides:

Hackers gained access to personal data on the majority of the 1.4 million customers of Allianz Life Insurance Company of North America, the company confirmed Saturday.

Minneapolis-based Allianz Life, a subsidiary of Munich, Germany-based Allianz SE, said the data breach happened on July 16 when a “malicious threat actor” gained access to a third-party, cloud-based system used by the company.

“The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,” Allianz Life said in a statement. “We took immediate action to contain and mitigate the issue and notified the FBI.”

The company said its own systems were not accessed, just the third-party’s platform.

Allianz Life said its investigation is ongoing and that the company has begun reaching out to the impacted individuals. It said the incident involves only Allianz Life in the U.S., not other Allianz corporate entities.

In the case of data breaches, a “social engineering technique” usually involves using trickery to gain access. Spokesman Brett Weinberg said he couldn’t provide details because they are still investigating.

Allianz Life also reported the breach to multiple other authorities, including the Maine Attorney General’s Office. A filing on the agency’s website said the company discovered the breach the day after it happened, and that it will be offering those affected 24 months of identity theft protection and credit monitoring.

Allianz Life was known as North American Life and Casualty until it was acquired by German conglomerate Allianz SE in 1979 and changed its name to Allianz Life Insurance Company of North America. It has nearly 2,000 employees in U.S., with the majority working in Minnesota, according to its website.

It is one of five North American subsidiaries of the Munich-based global financial services group Allianz SE, which says it serves more than 125 million customers worldwide.