A subsidiary of insurance giant Allianz was recently targeted by hackers in an attack that resulted in the personal information of many individuals being compromised.
The hackers targeted Allianz Life Insurance Company of North America, specifically a third-party customer relationship management (CRM) system used by the company.
Allianz Life told SecurityWeek in an emailed statement that the attackers gained access to the cloud-based CRM on July 16 and obtained personally identifiable information on a majority of customers, financial professionals, and some employees.
“This incident is related only to Allianz Life in the US, which currently has 1.4 million customers,” the company said.
The life insurance firm shared little technical information on the incident, but it did note that the intrusion involved the use of an unnamed social engineering technique.
Allianz Life also pointed out that to date it has found no evidence that its network or other company systems, including its policy administration system, were compromised.
The company said it took immediate action to contain and mitigate the incident, and notified the FBI. An investigation is ongoing and affected individuals are being notified.
The breach was disclosed on Friday by the Maine Attorney General’s Office, but the report submitted there by Allianz Life does not say exactly how many individuals are impacted — the Maine AGO typically publishes the exact number of victims, when available.
In addition, the insurer has yet to provide the attorney general a copy of the data breach notification it’s sending out to affected customers.
The report submitted to the Maine AGO does reveal that impacted individuals are being offered 24 months of free identity theft restoration and credit monitoring services.
It’s unclear who is behind the Allianz Life hack, but Google recently warned that the notorious cybercrime group Scattered Spider appeared to have set its sights on insurance companies in the United States.
Related: New York Sues Insurance Giant Over Data Breaches
Related: Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
Related: Insurance Company Globe Life Notifying 850,000 People of Data Breach
Related: Insurance Firm Johnson & Johnson Discloses Data Breach
