Massive Data Breach Confirmed by Allianz Life

share
Header image

Massive Data Breach Confirmed by Allianz Life

share

Company says no evidence the Allianz Life network or other company systems were accessed.

Life insurance firm Allianz Life had most of its 1.4 million customers' data compromised following a data breach this month.

The infiltration of Allianz Life's third-party cloud-based customer relationship management system on July 16th allowed the theft of personal data belonging to clients, financial professionals, and certain employees, according to an Allianz Life spokesperson, who emphasised the intrusion to be contained within the company alone.

"Based on our investigation to-date, there is no evidence the Allianz Life network or other company systems were accessed, including our policy administration system," the spokesperson added.

Other information regarding the perpetrator of the attack was not provided, reports BleepingComputer, but the ShinyHunters hacking operation, which had attacked Snowflake and PowerSchool, has been suspected to be behind the Allianz Life hack.


Boris Cipot, senior security engineer at Black Duck, said: “This breach highlights that the biggest threats don’t always come from direct attacks, but often a combination of vulnerabilities across the entire supply chain. In this case, the attacker used multiple techniques: social engineering to obtain access rights, and a third-party solution as a backdoor into the system.

“Organisations must take a holistic view of their security posture. The supply chain is often the weakest link and must not be overlooked. Allianz responded appropriately by notifying the authorities and the affected customer, and by offering credit and identity monitoring services. However, impacted individuals should remain vigilant.”


Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Cyber Crime Published: 28 July Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Upcoming Events

No events found.

Related content

Cyber incident involving rerouted payment drains Zephyr of £700K

Cyber incident involving rerouted payment drains Zephyr of £700K

 Hijacked NHS Scotland domains push adult content

Hijacked NHS Scotland domains push adult content

 UK cybercrime significantly outpaces police staffing growth

UK cybercrime significantly outpaces police staffing growth
Fraud losses top £629M as UK ramps up enforcement

Fraud losses top £629M as UK ramps up enforcement

 Youth cybercrime radicalization driven by online platforms, NCA leader says

Youth cybercrime radicalization driven by online platforms, NCA leader says

 Global cybercrime clampdown disrupts over 45K illicit IP addresses

Global cybercrime clampdown disrupts over 45K illicit IP addresses
Report: UK cyberattacks grow faster than global rate

Report: UK cyberattacks grow faster than global rate