Allianz Life 2025 Data Breach

Allianz Life Insurance Breach (2025): 1.1 Million Policyholder Records Including SSN & Home Address Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

ShinyHuntersSocial EngineeringFinancialDate of BirthEmail AddressFull NameGenderPhone NumberPhysical AddressSocial Security Number
High SeverityWebsite / service breach

Allianz Life Insurance Breach (2025): 1.1 Million Policyholder Records Including SSN & Home Address Exposed

Life insurance and annuities provider.

Verified by ObscureIQ Intelligence
79/100Breach Risk Index
33Data Value
40Market Recency
239dSince Breach

Breach Intelligence Summary

Entity: Allianz Life · Actor: ShinyHunters · Sources: 3 references
Attack: Social Engineering
Profile: Financial institution · Insurance and retirement products · Life insurance provider · USA / Global
Timeline: Breach (2025-07-16) · Indexed (Aug 31, 2025) · Year (2025)
Exposure: 1.1M records · 7 fields: Date of Birth, Email Address, Full Name, Gender, Phone Number, Physical Address, Social Security Number
Status: Confirmed

Executive Summary

Allianz Life Insurance Company of North America, the U.S. subsidiary of German insurer Allianz SE, was breached on July 16, 2025 in one of the largest incidents within a coordinated wave of attacks targeting Salesforce customer instances. The threat actor, the cybercrime collective ShinyHunters operating in coordination with Scattered Spider and Lapsus$, used voice-phishing of an Allianz Life employee to authorize a malicious OAuth application connected to Salesforce, then exported customer data through the platform's data-export tooling.\n\nAllianz Life confirmed the data covered approximately 1.5 million individuals across customers, financial professionals, and select employees, representing the majority of its 1.4 million-strong U.S. customer base. Have I Been Pwned indexed approximately 1.1 million unique email addresses among the records. Compromised fields included names, gender, dates of birth, email addresses, phone numbers, home addresses, and Social Security numbers, the last of which Allianz disclosed in subsequent state filings beyond its initial public statement. ShinyHunters publicly posted leaked Salesforce Accounts and Contacts tables totaling around 2.8 million records, including data tied to financial advisors and partner firms.\n\nFor affected individuals, the practical risk is unusually severe because Social Security numbers were among the leaked data. The combination of name, date of birth, address, and SSN supports synthetic identity fraud, fraudulent credit applications, and tax-return fraud. Insurance-themed phishing is a particular concern because policyholders may be persuaded to share account details, change beneficiaries, or accept premium-related 'verification' requests under pretexts that reference their actual policy. Affected customers should freeze credit at all three U.S. bureaus, monitor financial accounts closely, and verify any communication purporting to come from Allianz Life by calling the number on policy documents rather than responding to unsolicited messages.

ObscureIQ assessment: Severe risk of identity theft, insurance fraud, beneficiary manipulation, and targeted scams exploiting retirement or life-insurance relationships.

Breach Impact

The institutional impact on Allianz Life has been substantial. The insurer faces near-universal exposure of its U.S. customer base, multistate attorney-general filings, FBI engagement, and a class-action litigation pipeline that began organizing within days of the breach disclosure. The company's parent group Allianz SE has had to manage reputational fallout across its global insurance and asset-management operations. The supply-chain pathway through Salesforce raises broader questions for the insurance industry about cloud-CRM consolidation and OAuth-application governance. Long-duration insurance products magnify the cost of customer notification and retention because policyholders typically have multi-decade relationships with their insurer.

About Allianz Life

Allianz Life Insurance Company of North America is the U.S. subsidiary of German insurance giant Allianz SE, headquartered in Minneapolis, Minnesota. The company provides life insurance and annuity products to roughly 1.4 million U.S. customers, distributing through a network of independent financial professionals rather than a captive sales force. Its product portfolio is heavily weighted toward fixed and variable annuities used in retirement income planning, alongside indexed universal life insurance and other long-duration products. As a life insurer and retirement-product administrator, Allianz Life maintains deeply sensitive customer records spanning identity, beneficiaries, financial profile, employment, health-related underwriting data, and Social Security numbers used for premium administration and tax reporting.

Why They Hold Your Data

Life insurers collect highly sensitive identity, policy, beneficiary, financial, employment, and claims-related records across insurance and retirement-product administration.

Recent Developments

Allianz Life publicly disclosed the breach within days of detection and notified the U.S. Federal Bureau of Investigation, with state attorneys general subsequently confirming the company also reported the incident to multiple state regulators. The company later updated the affected count from initial estimates to a confirmed 1,497,036 individuals across customers, financial professionals, and select employees. ShinyHunters and affiliated groups subsequently leaked Salesforce database tables on a Telegram channel called 'ScatteredLapsuSp1d3rHunters' that they had set up to publicize multiple Salesforce-cluster compromises. Class-action investigations by U.S. plaintiff law firms began within days of the August 2025 disclosure.

Data Points Exposed

7 verified field types
Date of Birth High
Email Address
Full Name High
Gender
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • Identity verification bypass using name + date of birth combination
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Profile enrichment
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: ShinyHunters

ShinyHunters
Social Engineering

Attribution and method are based on available breach intelligence. Reported attack vector: Social Engineering.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Allianz Life breach?

Allianz Life Insurance Company of North America, the U.S. subsidiary of German insurer Allianz SE, was breached on July 16, 2025 in one of the largest incidents within a coordinated wave of attacks targeting Salesforce customer instances. The threat actor, the cybercrime collective ShinyHunters…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Gender, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation