Allianz Life Insurance Company of North America has confirmed a data breach impacting most of its 1.4 mn U.S. customers.
The breach, disclosed on July 16, involved unauthorized access to a third-party, cloud-based CRM system used by the company.
According to a company statement, the attacker used a social engineering tactic to gain entry and extract personally identifiable information. The breach also affected financial professionals and some Allianz Life employees.
Allianz Life said it took immediate steps to contain the breach, launched an internal investigation, and notified the FBI. The insurer stated that its core systems—including the policy administration platform—remain unaffected.
The company is currently reaching out to affected individuals and continues to assess the full scope of the incident. Allianz clarified that the breach is limited to its U.S. operations.
The incident follows a separate June breach at Philadelphia Insurance Cos., according to a filing with the California Attorney General. That breach, discovered on July 9, exposed data such as names, birthdates, and driver’s license numbers.
Philadelphia Indemnity Insurance Co. is offering one year of identity monitoring and has implemented new security controls.
Based on our investigation to-date, there is no evidence the Allianz Life network or other company systems were accessed, including our policy administration system
Allianz Life has not yet disclosed the specific data types involved in its case but is expected to issue further notifications as the investigation progresses.
