Allianz Life Insurance Company of North America confirmed a data breach on July 16, 2025, impacting the majority of its 1.4 million U.S. customers, as well as financial professionals and select employees. The breach occurred through a social engineering attack on a third-party, cloud-based CRM system, allowing a malicious threat actor to access personally identifiable information (PII), such as names and contact details, though specific data types were not fully disclosed. The company discovered the breach the following day, July 17, and took immediate action to contain it, notifying the FBI and other authorities, including the Maine Attorney General’s Office. Allianz Life’s internal network and policy administration systems were not compromised. The company is offering affected individuals 24 months of free identity theft protection and credit monitoring and has begun notifying them, with full communication expected by August 1. While Allianz Life did not confirm the responsible hacking group, some sources suggest involvement by the ShinyHunters or Scattered Spider groups, known for similar high-profile attacks. This incident is part of a broader wave of cyberattacks targeting the insurance sector.
