CRM Hack Exposes Data From Most of Allianz Life’s 1.4 Million US Customers

Personal data belonging to most of Allianz Life Insurance Co. of North America’s 1.4 million U.S. customers was exposed on July 16, the company confirmed.

The breach was discovered one day after a “malicious threat actor” hacked into a third-party customer relationship management system used by the insurer, according to a company statement.

“The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,” Allianz Life said in its statement. “We took immediate action to contain and mitigate the issue and notified the FBI.”

An attorney for Allianz submitted a disclosure of the breach to the office of the Maine attorney general. According to the filing, affected customers will receive 24 months of identity theft restoration and credit monitoring through Kroll.

The report stated that the number of individuals impacted is “unknown.” The Maine attorney general’s office typically publishes an exact number of victims when the data are available.

“Based on our investigation to-date, there is no evidence the Allianz Life network or other company systems were accessed, including our policy administration system,” Allianz Life added in its statement. “Our investigation is ongoing and we began the process of reaching out to individuals impacted with dedicated resources to assist them.”

In 2022, Allianz Life entered the defined contribution market by offering an in-plan guaranteed lifetime income option, an expansion of its life insurance suite of products. The company is one of five subsidiaries of the Munich-based global financial services group Allianz SE, which serves more than 125 million customers worldwide.