In July, a data breach at U.S. insurance giant Allianz Life exposed the personal information of 1.1 million customers, according to the data breach notification site Have I Been Pwned. Allianz Life disclosed the breach in late July, confirming that hackers accessed the personal data of the majority of its 1.4 million customers, as well as employee information, from a cloud-stored customer relationship database. The company has not yet confirmed the exact number of affected individuals.
Have I Been Pwned reported that the stolen data includes customers’ names, gender, date of birth, email and home addresses, and phone numbers from a database hosted by cloud provider Salesforce. Later, Allianz Life informed the states of Texas and Massachusetts that Social Security numbers were also compromised in the breach.
Brett Weinberg, a spokesperson for Allianz Life, declined to comment to TechCrunch, citing an ongoing investigation.
Allianz Life is among several major corporations recently targeted by a hacking group known as ShinyHunters, which specializes in social engineering tactics to trick employees into granting access to company databases. Other victims include Google, Cisco, airline giant Qantas, retailer Pandora, and HR firm Workday, all of which reported breaches involving Salesforce-hosted data.
ShinyHunters is reportedly preparing a data leak site to extort victims into paying for the deletion of stolen information, a common tactic among ransomware groups. The group is believed to have ties to other cybercriminal collectives, including Scattered Spider and The Com, known for using hacking, extortion, and sometimes threats of violence to infiltrate networks.