Hackers have stolen the private data of 1.1 million people in a Salesforce information theft assault, which impacted U.S. insurance coverage big Allianz Life in July.
Allianz Life has almost 2,000 workers in the USA and is a subsidiary of Allianz SE, which has over 128 million clients worldwide and ranks because the world’s 82nd largest firm primarily based on income.
As the corporate disclosed final month, data belonging to the “majority” of its 1.4 million clients was stolen by attackers who gained entry to a third-party cloud CRM system on July sixteenth.
Whereas Allianz Life didn’t identify the supplier of the compromised cloud-based CRM system on the time of the disclosure, BleepingComputer first reported that the breach was a part of a wave of Salesforce-targeted information theft assaults linked to the ShinyHunters extortion group.
For the reason that assault, ShinyHunters has leaked the databases stolen from the corporate’s Salesforce cases, containing roughly 2.8 million information information for particular person clients and enterprise companions, together with wealth administration corporations, monetary advisors, and brokers.
On Monday, information breach notification service Have I Been Pwned revealed the extent of the incident, reporting that the e-mail addresses, names, genders, dates of start, cellphone numbers, and bodily addresses of 1.1 million Allianz Life clients have been stolen throughout the breach.
BleepingComputer has additionally confirmed with a number of individuals affected by this breach that their information (together with their tax IDs, cellphone numbers, e-mail addresses, and different data) within the leaked information is correct.
Many different high-profile corporations worldwide have been additionally breached on this marketing campaign, together with Google, Adidas, Qantas, Louis Vuitton, Dior, Tiffany & Co., Chanel, and, most not too long ago, human assets big Workday.
The assaults are believed to have begun initially of the 12 months, with the menace actors tricking workers into linking a malicious OAuth app to their firm’s Salesforce occasion. As soon as related, the attackers downloaded and stole firm databases, later utilizing the information to extort victims by way of e-mail.
These extortion calls for have been signed as coming from ShinyHunters, a widely known extortion group linked to a string of high-profile breaches through the years, together with the Snowflake assaults and people towards AT&T and PowerSchool.
An Allianz Life spokesperson was not instantly out there to verify Have I Been Pwned’s findings when contacted by BleepingComputer earlier immediately.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration developments.
