Cybersecurity Breach: Allianz Life Data Compromised in Salesforce Attack

Hackers have released sensitive data belonging to Allianz Life, a prominent US insurance company, exposing approximately 2.8 million records related to both business partners and customers. This breach is part of a series of ongoing Salesforce data theft attacks. Allianz Life disclosed last month that it suffered a data breach on July 16, when personal information for the majority of its 1.4 million customers was stolen from a third-party, cloud-based CRM system. Although the company did not specify the provider, BleepingComputer reported that the incident was linked to a wave of thefts orchestrated by the ShinyHunters extortion group.

Over the weekend, ShinyHunters, along with other threat actors associated with “Scattered Spider” and “Lapsus$,” established a Telegram channel named “ScatteredLapsuSp1d3rHunters.” This channel was created to mock cybersecurity researchers, law enforcement, and journalists while claiming responsibility for a series of high-profile breaches, including those affecting Internet Archive, Pearson, and Coinbase. Among the attacks attributed to these threat actors is the breach of Allianz Life, from which they leaked complete databases stolen from the company’s Salesforce instances. The leaked data includes sensitive personal information such as names, addresses, phone numbers, dates of birth, and Tax Identification Numbers, as well as professional details like licenses and firm affiliations. BleepingComputer confirmed the accuracy of the leaked data with multiple individuals, including their phone numbers and email addresses. 

Categories: Data Breach, Cybersecurity Threats, Salesforce Attacks 

Tags: Allianz Life, Data Breach, Salesforce, ShinyHunters, Extortion, Sensitive Information, Cloud-Based CRM, Cybersecurity, Social Engineering, Data Theft