On July 16, 2025, a malicious threat actor used social engineering to infiltrate a third‑party, cloud‑based CRM system used by Allianz Life Insurance Company of North America, compromising personally identifiable data for the majority of its 1.4 million U.S. customers
Allianz Life confirmed its internal systems were not breached, only the external vendor platform.
Allianz has begun notifying impacted individuals and is offering 24 months of identity theft protection and credit monitoring (through Kroll) while the investigation continues.
Allianz Life of North America reports its network was breached earlier this month. While its internal infrastructure remained secure, Allianz said the attacker accessed personally identifiable information, including names, addresses, and dates of birth, affecting most of the insurer’s 1.4 million U.S. clients, along with some agents and select employees.
Once detected—likely shortly after initial access—Allianz said it dispatched containment measures and notified law enforcement and regulatory bodies. The company filed incident notifications with authorities in Maine, Massachusetts, and others as required. It confirmed that none of its own internal policy administration systems showed signs of intrusion.
Impact and support
Affected individuals are receiving breach notification letters and have been offered 24 months of identity monitoring and credit protection services via Kroll. Allianz said it is continuing to investigate and has not released specifics about the identity or motivations of the attacker—though reports suggest the ShinyHunters group may be involved.
The breach shows the growing vulnerabilities stemming from third‑party systems, now responsible for nearly 30% of major cyber incidents, according to industry reports. Allianz’s internal data shows that large cyber claims, especially for privacy/data breaches, rose sharply, up 14%, severity up 17% in early 2024.
Allianz said affected policyholders should:
Activate identity protection services as instructed in your notification.
Monitor credit reports and financial activity closely. Consider placing fraud alerts if suspicious activity is detected.
Be wary of phishing attacks; Allianz will never ask for account logins or SSNs via unsolicited calls or emails.