Hackers have stolen the non-public info of 1.1 million people in a Salesforce knowledge theft assault, which impacted U.S. insurance coverage large Allianz Life in July.
Allianz Life has almost 2,000 staff in america and is a subsidiary of Allianz SE, which has over 128 million prospects worldwide and ranks because the world’s 82nd largest firm based mostly on income.
As the corporate disclosed final month, info belonging to the “majority” of its 1.4 million prospects was stolen by attackers who gained entry to a third-party cloud CRM system on July sixteenth.
Whereas Allianz Life didn’t identify the supplier of the compromised cloud-based CRM system on the time of the disclosure, BleepingComputer first reported that the breach was a part of a wave of Salesforce-targeted knowledge theft assaults linked to the ShinyHunters extortion group.
Because the assault, ShinyHunters has leaked the databases stolen from the corporate’s Salesforce cases, containing roughly 2.8 million knowledge data for particular person prospects and enterprise companions, together with wealth administration firms, monetary advisors, and brokers.
On Monday, knowledge breach notification service Have I Been Pwned revealed the extent of the incident, reporting that the e-mail addresses, names, genders, dates of delivery, cellphone numbers, and bodily addresses of 1.1 million Allianz Life prospects had been stolen through the breach.
BleepingComputer has additionally confirmed with a number of individuals affected by this breach that their knowledge (together with their tax IDs, cellphone numbers, e mail addresses, and different info) within the leaked information is correct.
Many different high-profile firms worldwide had been additionally breached on this marketing campaign, together with Google, Adidas, Qantas, Louis Vuitton, Dior, Tiffany & Co., Chanel, and, most lately, human sources large Workday.
The assaults are believed to have begun initially of the yr, with the menace actors tricking staff into linking a malicious OAuth app to their firm’s Salesforce occasion. As soon as linked, the attackers downloaded and stole firm databases, later utilizing the info to extort victims by way of e mail.
These extortion calls for had been signed as coming from ShinyHunters, a widely known extortion group linked to a string of high-profile breaches over time, together with the Snowflake assaults and people towards AT&T and PowerSchool.
An Allianz Life spokesperson was not instantly obtainable to substantiate Have I Been Pwned’s findings when contacted by BleepingComputer earlier at present.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and knowledge exfiltration developments.
