Allianz Life Insurance Company of North America, the U.S. subsidiary of German insurer Allianz SE, was breached on July 16, 2025 in one of the largest incidents within a coordinated wave of attacks targeting Salesforce customer instances. The threat actor, the cybercrime collective ShinyHunters operating in coordination with Scattered Spider and Lapsus$, used voice-phishing of an Allianz Life employee to authorize a malicious OAuth application connected to Salesforce, then exported customer data through the platform's data-export tooling.\n\nAllianz Life confirmed the data covered approximately 1.5 million individuals across customers, financial professionals, and select employees, representing the majority of its 1.4 million-strong U.S. customer base. Have I Been Pwned indexed approximately 1.1 million unique email addresses among the records. Compromised fields included names, gender, dates of birth, email addresses, phone numbers, home addresses, and Social Security numbers, the last of which Allianz disclosed in subsequent state filings beyond its initial public statement. ShinyHunters publicly posted leaked Salesforce Accounts and Contacts tables totaling around 2.8 million records, including data tied to financial advisors and partner firms.\n\nFor affected individuals, the practical risk is unusually severe because Social Security numbers were among the leaked data. The combination of name, date of birth, address, and SSN supports synthetic identity fraud, fraudulent credit applications, and tax-return fraud. Insurance-themed phishing is a particular concern because policyholders may be persuaded to share account details, change beneficiaries, or accept premium-related 'verification' requests under pretexts that reference their actual policy. Affected customers should freeze credit at all three U.S. bureaus, monitor financial accounts closely, and verify any communication purporting to come from Allianz Life by calling the number on policy documents rather than responding to unsolicited messages.

Life insurers collect highly sensitive identity, policy, beneficiary, financial, employment, and claims-related records across insurance and retirement-product administration.

Allianz Life publicly disclosed the breach within days of detection and notified the U.S. Federal Bureau of Investigation, with state attorneys general subsequently confirming the company also reported the incident to multiple state regulators. The company later updated the affected count from initial estimates to a confirmed 1,497,036 individuals across customers, financial professionals, and select employees. ShinyHunters and affiliated groups subsequently leaked Salesforce database tables on a Telegram channel called 'ScatteredLapsuSp1d3rHunters' that they had set up to publicize multiple Salesforce-cluster compromises. Class-action investigations by U.S. plaintiff law firms began within days of the August 2025 disclosure.