WorldKings.ORG
Hackers have compromised the personal data of a majority of Allianz Life Insurance Company of North America’s 1.4 million customers, the firm’s parent company has confirmed.
In a statement to the BBC, German insurance giant Allianz disclosed that on 16 July 2025, a “malicious threat actor” infiltrated a third-party, cloud-based Customer Relationship Management (CRM) system utilized by Allianz Life in North America.
The breach resulted in the unauthorized access of personally identifiable information (PII) belonging to a significant portion of Allianz Life’s clientele, as well as financial professionals and select employees, the company said. The attack was carried out using a social engineering tactic, a common cybercrime method that manipulates individuals into divulging confidential information.
The parent company clarified that the breach was limited strictly to Allianz Life Insurance Company of North America and did not impact other branches or systems under the Allianz group umbrella.
The incident came to light through a legal notification submitted to the Office of the Attorney General in the U.S. state of Maine. While Allianz did not reveal the exact number of affected individuals, it acknowledged that the scope of the breach encompassed a large majority of the insurer’s North American customer base.
“Allianz Life took immediate action to contain the incident and prevent further unauthorized access,” the company said in its official statement. “We have informed federal law enforcement authorities, including the FBI.”
The company emphasized that there is currently “no evidence” to suggest that the core Allianz Life network or any other internal systems, such as the policy administration system, were compromised during the breach.
Allianz, which serves over 125 million customers worldwide, stated that it is now actively contacting those impacted by the data breach and offering assistance.
Social engineering attacks rely on deceiving or manipulating people into disclosing private or sensitive data—often by pretending to be a trusted individual or organization. In this case, the hackers appear to have used such tactics to gain access to the CRM platform that housed sensitive customer and employee information.
The breach highlights growing concerns around cybersecurity vulnerabilities in third-party cloud systems, especially those that store vast amounts of personal and financial information. As insurance firms increasingly rely on external platforms for data management and client interaction, cybersecurity experts warn that these systems can become attractive targets for cybercriminals.
Allianz did not elaborate on the nature of the compromised data but said that it is working closely with cybersecurity professionals to investigate the full extent of the breach and strengthen its data protection measures moving forward.
The company added that those affected will receive detailed information about the incident and support services to mitigate any risks arising from the exposure of their personal data.
