The July cyberattack on Allianz Life compromised the personal information of more than 1.1 million customers, according to data breach notification service Have I Been Pwned, which tracks large-scale data theft incidents.
Allianz Life, the U.S. insurance arm of Germany’s Allianz SE, confirmed in late July that hackers accessed a cloud-based customer relationship database, affecting the “majority” of its 1.4 million policyholders and employees. The company has not disclosed an exact figure, but Have I Been Pwned said on Monday that 1.1 million individuals’ data is now known to have been stolen.
The compromised information includes customers’ names, dates of birth, gender, email and home addresses, and phone numbers, the site reported. Allianz also notified authorities in Texas and Massachusetts that Social Security numbers were taken. The database was hosted on Salesforce’s cloud platform.
The hackers behind the breach are believed to be ShinyHunters, a cybercrime group known for social engineering attacks. The gang has recently targeted several large companies, including Google, Cisco, Qantas, Pandora, and HR software provider Workday, with breaches also tied to Salesforce-hosted systems.
Investigators say ShinyHunters are preparing to publish data on a leak site as part of an extortion campaign, a tactic typically employed by ransomware operators. The group is also linked to other cybercrime outfits such as Scattered Spider and The Com.
Source: Techcrunch
