1.1 million Allianz Life accounts were exposed, representing most of its 1.4 million North America customers and including financial professionals and some employees from Salesforce Accounts and Contacts databases. Exposed data reportedly includes dates of birth, email addresses, genders, names, phone numbers, physical addresses, and Social Security numbers. Over 70% of the email addresses had been affected by prior breaches. The incident occurred on July 16, discovered a day later, and involved social engineering that impersonated IT support, abused OAuth applications and a Salesforce Data Loader to exfiltrate CRM data. Allianz said core networks and policy systems appeared unaffected and will notify affected individuals.
The numbers represent the vast majority of the company's 1.4 million customers in the North America region, along with the data of financial professionals and some Allianz Life employees contained in Salesforce Accounts and Contacts databases. Data exposed in the incident is believed to include dates of birth, email addresses, genders, names, phone numbers, and physical addresses. According to Allianz, Social Security numbers were also taken. More than seven-in-ten of the exposed email addresses had already been affected by previously-disclosed data breaches.
Jon Abbott, CEO of ThreatAware, described the scale of the breach as "significant", noting that the data leaked represents a treasure trove of information to target victims. "The sensitive and valuable information held in CRM tools is exactly why it's targeted by attackers," he said. "The data can be used by other cyber criminals for identity theft and phishing campaigns." What happened with the Allianz Life data breach?
Collection
[
|
...
]