Allianz Life Data Leak Exposes Social Security Numbers and More to Hackers

• New filings: New Allianz Life Insurance Company of North America filings revealed more about what type of data hackers stole in the recent breach.
• Data stolen: Social Security numbers and names are among the exfiltrated sensitive details.
• Attribution: It was attributed to social engineering targeting a third-party CRM service, with Scattered Spider and ShinyHunters as possible authors.

Allianz Life Insurance Company of North America recently disclosed that Social Security numbers were compromised among other personal details in the July 16 data breach, after the company initially reported that hackers stole names and other personal identifiers of customers, financial professionals, and some employees.

The intrusion has emerged as one of the most significant data breaches in 2025, exposing sensitive information belonging to a large portion of its 1.4 million customer base.

Breach Details  

Hackers infiltrated Allianz Life Insurance Company of North America's third-party customer relationship management (CRM) database using social engineering techniques, which involve hackers impersonating employees and manipulating helpdesk systems to gain access to private passwords.

The company acknowledged that sensitive data such as names, dates of birth, postal addresses, and Social Security numbers were exposed as a result of the hack, in various combinations. 

The stolen Social Security numbers heighten the risk of identity theft and fraudulent activities, escalating concerns among those impacted.  

While the attack shares similarities with the Scattered Spider methodology, Agnidipta Sarkar from ColorTokens believed ShinyHunters could also be behind it. 

Company Response  

Besides informing state regulators about the breach, with notifications filed in Texas, Massachusetts, and other states, Allianz Life has committed to addressing the exposure by notifying impacted individuals starting August 1, along with free credit monitoring and identity theft protection services. 

This breach underscores the crucial importance of implementing robust security practices, including multi-factor authentication (MFA) systems, to limit the growing threat of social engineering tactics.  

In recent news, consumer cleaning and disinfecting products manufacturer Clorox blames Cognizant for an older Scattered Spider breach, as the lawsuit claims that Cognizant’s service desk staff provided attackers with employee credentials without identity verification.