Allianz Life Breach Blamed On Social Engineering
The cyberattack was said to have impacted a ‘majority’ of its customers.
Allianz Life Insurance Company of North America was attacked by hackers who exposed the personal information of millions of the company’s customers.
The Minneapolis-based Allianz Life, which is a subsidiary of Germany-based Allianz SE, said the attack occurred on July 16 and that “a malicious threat actor gained access to a third-party, cloud-based CRM system.”
The statement, which Allianz shared with MES Computing, provided more details about the attack. “The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique.”
The insurance company also detailed its response to the attack.
“We took immediate action to contain and mitigate the issue and notified the FBI. Based on our investigation to-date, there is no evidence the Allianz Life network or other company systems were accessed, including our policy administration system. Our investigation is ongoing and we began the process of reaching out to individuals impacted with dedicated resources to assist them. This incident is related only to Allianz Life in the U.S., which currently has 1.4 million customers.”
One cybersecurity evangelist said the hack highlights an increase in cyberattacks targeting third-party providers.
“While multi-factor authentication is critical, it’s not bulletproof. Attackers now bypass MFA with sophisticated social engineering techniques. By integrating MFA with Zero Trust, the security changes to the assumption that attackers will get in, placing guardrails that limit damage and exposure when they inevitably do. Attack vectors are constantly evolving and cybercriminals are relentless in developing new tactics, techniques, and procedures. This necessitates a proactive and flexible approach to cybersecurity, which includes adopting protocols and security architectures like Zero Trust,” Tarun Desikan, zero trust evangelist and EVP of cloud edge security at SonicWall, said in an emailed statement.
The Allianz hack is the most recent among several high-profile cyberattacks involving large corporations.
In 2021, a ransomware group hacked into Colonial Pipeline by way of an inactive account that did not use multifactor authentication, CRN reported.
In 2024, Change Healthcare, a subsidiary of healthcare titan UnitedHealth Group, was the victim of a massive ransomware attack that potentially compromised 190 million customers.
In June, insurance company Aflac reported it had found that an “unauthorized party used social engineering tactics to gain access to our network.”
Several law firms are calling on any customers who may have been impacted by the Allianz Life breach to contact them, including the Philadelphia-based firm Edelson Lechtzin LLP, which said it is “investigating a class action lawsuit to seek legal remedies for individuals whose sensitive personal data may have been compromised by the Allianz Life data breach,” according to a press release the firm sent out.