Allianz Life confirms a data breach impacting 1.1 million customers, highlighting growing cybersecurity and privacy concerns.
According to the data breach notification site Have I Been Pwned, the personal information of 1.1 million customers was stolen by hackers during the July data breach at the U.S. insurance colossus Allianz Life.
In late July, Allianz Life disclosed the data breach, officially verifying that hackers had stolen the personal information of the “majority” of its 1.4 million customers and employees from a cloud-stored customer relationship database.
To date, Allianz has declined to provide a precise number of individuals impacted by the breach.
Have I Been Pwned, a data breach notification site that alerts individuals when their email address has been compromised in data breaches, announced in a post on Monday that the Allianz Life breach includes customers’ names, gender, date of birth, email, home addresses, and phone numbers from a database hosted by cloud giant Salesforce.
Allianz Life subsequently informed the states of Texas and Massachusetts that the hackers also seized Social Security numbers during the breach.
Allianz Life spokesperson Brett Weinberg declined to comment to TechCrunch during the company’s ongoing investigation.
In recent months, a hacking crew known as ShinyHunters has targeted a succession of tech and corporate giants, including Allianz Life.
The group is renowned for its social engineering skills, which are used to deceive employees into granting them access to the company’s databases.
Recent data thefts related to their Salesforce-hosted data have been reported by Google, Cisco, airline behemoth Qantas, and retailer Pandora. Additionally, TechCrunch reported on Monday that HR giant Workday has been affected.
The ShinyHunters gang is reportedly establishing a data leak site to extort victims into paying the hackers to erase the data.
This is a common strategy used by ransomware gangs. The organization is purportedly affiliated with other hacking and criminal organizations, such as The Com and Scattered Spider, which are recognized collectives of cybercriminals who employ hacking, extortion, and occasionally threats of violence to gain access to networks.
