U.S. insurance giant Allianz Life has confirmed a massive data breach that compromised the personal information of over 1.1 million customers, according to breach notification site Have I Been Pwned.
The breach, disclosed in late July, stemmed from a hack targeting a Salesforce-hosted customer relationship database, exposing customer names, gender, date of birth, email and home addresses, and phone numbers. Allianz later told state regulators in Texas and Massachusetts that Social Security numbers were also stolen.
While Allianz initially said the “majority” of its 1.4 million customers were impacted, the company has not confirmed exact figures.
The attack has been linked to the hacking crew ShinyHunters, known for using social engineering tactics to infiltrate corporate databases. The group has also been tied to recent breaches at Google, Cisco, Qantas, Pandora, and Workday. Reports suggest ShinyHunters are preparing a data leak site to pressure victims into paying to prevent stolen data from being released.
Related: Workday Confirms Data Breach Linked to Third-Party Database.
Allianz spokesperson Brett Weinberg declined further comment, citing the ongoing investigation.
The breach highlights growing risks tied to cloud-based customer data platforms and the rising sophistication of cybercrime groups that blend hacking, extortion, and threats of violence.
