Thought Leadership
The US subsidiary of Germany’s Allianz SE confirms a major cyber attack in which hackers have stolen the personal data of the “majority” of its customers.
Allianz Life Insurance Company of North America has confirmed a serious security incident in which cybercriminals gained access to one of the company’s cloud-based CRM systems on July 16, 2025. According to company spokesperson Brett Weinberg, the attackers were able to use social engineering techniques to steal personal data from the majority of Allianz Life’s 1.4 million customers, as well as financial advisors and select employees (via TechCrunch).
Third CRM system as a gateway
The attack targeted a third-party customer relationship management (CRM) system hosted in the cloud. “A malicious actor gained access to a third-party cloud-based CRM system used by Allianz Life,” the company explained. The hackers managed to gain access to the sensitive information by cleverly manipulating people – social engineering.
The affected system contained extensive customer databases with personal information of policyholders. However, Allianz Life assured that, as far as is currently known, no other systems in the company network have been compromised. The company did not initially disclose the exact number of people affected.
FBI involved, notification from August
Allianz Life has duly reported the security incident to the authorities and is cooperating with the FBI. As is usual in such incidents, the company is keeping a low profile about possible contacts made by the attackers or any ransom demands. Allianz Life also did not want to publicly identify a specific hacker group.
Following Saturday’s notification to the Maine Attorney General’s Office – a legally required action for data breaches – the company plans to notify affected customers beginning August 1.
