Insurance provider Allianz Life has suffered a major data breach affecting the majority of its 1.4 million US customers, as well as financial professionals and select employees.

Allianz Life, a subsidiary of German financial services giant Allianz, confirmed to Infosecurity that a threat actor obtained the personally identifiable data after gaining access to a third-party, cloud-based CRM system.

Initial access was obtained using a social engineering technique, the company revealed in an emailed statement.

“We took immediate action to contain and mitigate the issue and notified the FBI. Based on our investigation to-date, there is no evidence the Allianz Life network or other company systems were accessed, including our policy administration system. Our investigation is ongoing and we began the process of reaching out to individuals impacted with dedicated resources to assist them,” Allianz Life continued.

The incident is limited to Allianz Life in the US, which currently has 1.4 million customers and nearly 2000 employees.

In a data breach notification submitted to the Office of the Maine Attorney General, the insurer revealed that the breach took place on July 16, 2025, and was discovered the following day.

No further details about the nature of the personally identifiable information accessed by the threat actor are available at the time of writing.

A consumer notice will be provided once Allianz has identified the affected individuals.

The company also confirmed that impacted customers will be offered 24 months of free identity theft restoration and credit monitoring.

Insurance a Known Target of Scattered Spider

The initial details about the Allianz Life breach bears some hallmarks with known tactics employed by the Scattered Spider hacking collective. However, the perpetrators of the attack have not been identified at this time.

Scattered Spider has been observed using social engineering techniques, such as impersonating IT help desks, to harvest credentials from third-party technology vendors.

The group reportedly compromised credentials from Tata Consultancy Services (TCS), a major IT outsourcing firm, to infiltrate UK retailer Marks and Spencer (M&S) in May 2025.

In July, Microsoft reported that the insurance industry has been actively targeted by Scattered Spider between April and June 2025.

