Hackers have stolen the private info of 1.1 million people in a Salesforce knowledge theft assault, which impacted U.S. insurance coverage large Allianz Life in July.
Allianz Life has practically 2,000 staff in the USA and is a subsidiary of Allianz SE, which has over 128 million clients worldwide and ranks because the world’s 82nd largest firm primarily based on income.
As the corporate disclosed final month, info belonging to the “majority” of its 1.4 million clients was stolen by attackers who gained entry to a third-party cloud CRM system on July sixteenth.
Whereas Allianz Life didn’t identify the supplier of the compromised cloud-based CRM system on the time of the disclosure, BleepingComputer first reported that the breach was a part of a wave of Salesforce-targeted knowledge theft assaults linked to the ShinyHunters extortion group.
For the reason that assault, ShinyHunters has leaked the databases stolen from the corporate’s Salesforce situations, containing roughly 2.8 million knowledge information for particular person clients and enterprise companions, together with wealth administration corporations, monetary advisors, and brokers.
On Monday, knowledge breach notification service Have I Been Pwned revealed the extent of the incident, reporting that the e-mail addresses, names, genders, dates of beginning, cellphone numbers, and bodily addresses of 1.1 million Allianz Life clients had been stolen throughout the breach.
BleepingComputer has additionally confirmed with a number of individuals affected by this breach that their knowledge (together with their tax IDs, cellphone numbers, electronic mail addresses, and different info) within the leaked information is correct.
Many different high-profile corporations worldwide had been additionally breached on this marketing campaign, together with Google, Adidas, Qantas, Louis Vuitton, Dior, Tiffany & Co., Chanel, and, most not too long ago, human sources large Workday.
The assaults are believed to have begun in the beginning of the yr, with the menace actors tricking staff into linking a malicious OAuth app to their firm’s Salesforce occasion. As soon as linked, the attackers downloaded and stole firm databases, later utilizing the info to extort victims through electronic mail.
These extortion calls for had been signed as coming from ShinyHunters, a widely known extortion group linked to a string of high-profile breaches through the years, together with the Snowflake assaults and people in opposition to AT&T and PowerSchool.
An Allianz Life spokesperson was not instantly accessible to verify Have I Been Pwned’s findings when contacted by BleepingComputer earlier as we speak.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration tendencies.
