
Allianz Life Data Breach Exposes 1.1 Million Customers
A massive cyberattack on Allianz Life has exposed the personal data of 1.1 million customers in the United States, according to breach notification site Have I Been Pwned.
In a rush? Here are the quick facts:
- Hackers accessed Salesforce systems via malicious OAuth apps.
- Stolen data includes emails, addresses, phone numbers, and tax IDs.
- ShinyHunters leaked 2.8 million records from Allianz Salesforce databases.
The attack, which took place in mid-July, targeted the company’s Salesforce customer management system.
Allianz Life, the U.S. subsidiary of Germany’s Allianz SE, revealed that hackers stole data from the “majority” of its 1.4 million customer base during July.
BleepingComputer notes that the company operates with 2,000 American staff members, providing insurance services to millions of customers worldwide through its parent company, which ranks as one of the world’s largest insurers.
According to BleepingComputer, the stolen information includes “email addresses, names, genders, dates of birth, phone numbers, and physical addresses.” BleepingComputer confirmed with several affected individuals that their leaked data, including tax IDs, was accurate.
Hackers linked to the ShinyHunters extortion group are believed to be behind the breach. They reportedly tricked employees into granting access to a malicious OAuth app connected to Allianz’s Salesforce instance.
Once inside, attackers stole roughly 2.8 million data records, including those of customers, brokers, financial advisors, and wealth management companies. Databases were later leaked online as part of extortion campaigns.
“Allianz Life had previously said that hackers stole personal information of most of its 1.4 million U.S. customers, financial professionals and select employees,” Reuters reported. The company confirmed that “some selected Allianz Life employees” were also impacted.
An Allianz spokesperson said the investigation is ongoing and the company “couldn’t offer any additional comment at this time,” noted BleepingComputer. However, Reuters reports that Allianz has promised “dedicated resources, including two years of identity monitoring services, to assist impacted individuals.”
The breach is part of a wider campaign of Salesforce-targeted attacks that also hit Google, Qantas, Adidas, Dior, Tiffany & Co., Chanel, and HR giant Workday.