Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

Hackers leaked 2.8M sensitive records from Allianz Life, exposing data on business partners and customers in ongoing Salesforce data theft attacks.

Hackers leaked 2.8 million sensitive records of US insurance giant Allianz Life, exposing data on business partners and customers as part of ongoing Salesforce data theft attacks.

At the end of July, Allianz Life confirmed a data breach exposing personal information of most of its 1.4 million customers. On July 16, 2025, a threat actor accessed a third-party CRM system using social engineering, compromising the data of customers, financial professionals, and some employees.

When reached by TechCrunch, Allianz Life spokesperson Brett Weinberg confirmed the breach.

“On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life,” the company spokesperson Brett Weinberg told TechCrunch. “The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,”

The Insurance firm stated that it took immediate action to contain and mitigate the incident and notified the FBI. The company emphasized that, so far, there is no evidence that its internal network or critical systems, including its policy administration system, were accessed. The investigation is still ongoing, and Allianz Life has begun notifying affected individuals, offering dedicated support.

The company disclosed the data breach in a filing with Maine’s Attorney General’s Office.

Although Allianz Life declined to name the threat actor behind the attack, Bleeping Computer reported the breach is believed to be linked to the ShinyHunters group.

ShinyHunters is a popular hacking crew that is known to have offered for sale data stolen from tens of major organizations, including Tokopedia, Homechef, Chatbooks.com, Microsoft, Santander, Ticketmaster, and AT&T.

Over the weekend, ShinyHunters and other hacking crews (“Scattered Spider” and “Lapsus$“) formed a Telegram channel “ScatteredLapsuSp1d3rHunters” to claim credit and taunt over major breaches, including Allianz Life’s leaked Salesforce data.

Threat actors claimed responsibility for the Allianz Life attack and leaked complete databases stolen from the company’s Salesforce instances. The leaked files include Salesforce “Accounts” and “Contacts” tables, containing about 2.8 million records of individual customers and business partners. The exposed data includes sensitive personal details such as names, addresses, phone numbers, birth dates, and Tax IDs, alongside professional info like licenses, firm affiliations, product approvals, and marketing classifications.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)