Allianz Life, an American insurance company, has confirmed that as a result of the hacking of its CRM system, attackers obtained the personal data of most of its 1.4 million customers. The hackers used social engineering to access the cloud service.
The company discovered the incident on July 16, 2025. A third-party CRM system related to interaction with customers, financial advisors and some Allianz Life employees was hacked. A company representative assured that no internal systems or networks of Allianz Life were compromised.
The investigation is ongoing. The FBI has already been involved, and the victims have been promised assistance. The exact amount of personal data that fell into the hands of the attackers is not yet known. It is also not disclosed whether a ransom demand was made.
The attack is being carried out by the international hacking group ShinyHunters, which has been operating since 2020. It is known for hacking Ticketmaster, Neiman Marcus, Advanced Auto Parts, Santander and others. Despite numerous arrests, the group continues to attack high-profile targets across sectors.
The breach was officially reported to the Maine Attorney General’s Office, although Allianz Life did not disclose the exact number of victims. Allianz’s parent company serves more than 125 million customers worldwide.
This incident once again demonstrates how dangerous third-party infrastructure can be, even for powerful insurance giants. Social engineering continues to be an effective tactic to access critical systems, and customers of large corporations can become victims without even interacting directly with the compromised platforms.
