
Allianz Life data breach affects 1.1 million customers via Salesforce compromise

📰 2 unique sources, 4 articles

Summary


Allianz Life, the U.S. insurance subsidiary of Allianz SE, suffered a data breach in July 2025 in which attackers accessed a third-party cloud CRM system and stole personal information of 1.1 million customers. The intrusion involved a malicious OAuth app connected to the company's Salesforce instance, through which the data was exfiltrated. The extortion group ShinyHunters, tracked as UNC6040, claimed responsibility and leaked the stolen data. The breach is part of a broader campaign against Salesforce customers that has also hit Google, Adidas, Workday, Qantas, Pandora, and Workiva. Allianz Life confirmed the breach but declined to provide further details, citing an ongoing investigation. Separately, Qantas Group executives cut their short-term compensation by 15% over the impact of the same campaign on Qantas customers; that breach affected approximately 5.7 million passengers.

Timeline

  1. 09.09.2025 22:17 📰 1 article

    Qantas discloses breach details and executive pay reduction

    Qantas discovered the breach on June 30, 2025. It affected approximately 5.7 million passengers, with the attackers obtaining names, email addresses, and frequent flyer numbers; payment card numbers, financial information, passport numbers, and Qantas account credentials were not affected. The group tracked as UNC6040, affiliated with ShinyHunters, used Salesforce as the point of entry. Qantas Group executives reduced their short-term compensation by 15% over the impact of the attack on customers. Qantas implemented additional protections for customers, warned of increased phishing activity, and advised customers to use two-factor authentication and not to share account passwords or personal financial information.

  2. 03.09.2025 19:40 📰 1 article

    Workiva discloses data breach, ShinyHunters campaign expands

    Workiva, a cloud-based SaaS provider, disclosed a data breach in which attackers stole business contact information from a third-party CRM system. The breach is part of the broader ShinyHunters extortion campaign against Salesforce customers. The attackers exfiltrated a limited set of business contact information, including names, email addresses, phone numbers, and support ticket content. The group gains access to customer Salesforce instances through voice phishing and stolen OAuth tokens. Workiva's customer base includes 85% of the Fortune 500, and the stolen contact details could be used in spear-phishing attacks against those organizations. The article also notes that the same campaign has hit multiple companies, including Allianz Life.

  3. 19.08.2025 10:17 📰 2 articles

    Allianz Life confirms data breach affecting 1.1 million customers

    Allianz Life suffered a data breach in July 2025 in which attackers accessed a third-party cloud CRM system and stole personal information of approximately 1.1 million of its 1.4 million customers. The intrusion involved a malicious OAuth app connected to the company's Salesforce instance, through which the data was exfiltrated; the compromised data was hosted in a Salesforce database, as in the breaches affecting Qantas, Google, and Pandora. The extortion group ShinyHunters claimed responsibility and leaked the stolen data. The breach is part of a broader campaign targeting multiple high-profile companies, including Google, Adidas, Workday, Qantas, and Pandora. Allianz Life confirmed the breach but declined to provide further details, citing an ongoing investigation. The breach was first reported by TechCrunch, and the notification filing with Maine's attorney general did not list the total number of affected individuals; the data breach notification site Have I Been Pwned confirmed the compromised data types. Allianz's parent company, Allianz SE, has over 125 million customers.

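The common thread across these entries is a connected OAuth app that a user was talked into authorizing, then used to pull data in bulk. As an added example (not code from the page's sources or from any of the victims), the triage below runs offline over an export of Salesforce OAuth token records and flags tokens whose app is not on an allowlist, or whose use count spikes within a day of authorization. The field names mirror a subset of the Salesforce OauthToken object (AppName, UserId, CreatedDate, LastUsedDate, UseCount); that your export carries exactly these fields, the allowlist, and the sample records are all assumptions made for the example.

```python
"""Offline triage of Salesforce OAuth token records for a rogue connected app.

Added example; not the page's or any victim's code. Field names follow a
subset of the Salesforce OauthToken object (assumption: your export matches).
The sample records and the allowlist are constructed for illustration.
"""
from datetime import datetime, timedelta

# Hypothetical allowlist of connected apps the org deliberately approved.
APPROVED_APPS = {"Salesforce Mobile", "Corporate SSO Connector", "Salesforce for Outlook"}

# Constructed sample export. Record 2 mimics a Data Loader clone authorized
# after a vishing call and immediately used for bulk export; record 4 is an
# unapproved but long-lived integration.
SAMPLE_TOKENS = [
    {"AppName": "Salesforce Mobile", "UserId": "005000000000001",
     "CreatedDate": "2025-03-02T09:14:00Z", "LastUsedDate": "2025-07-15T08:02:00Z", "UseCount": 412},
    {"AppName": "Dataloader Support Tool", "UserId": "005000000000002",
     "CreatedDate": "2025-07-16T10:05:00Z", "LastUsedDate": "2025-07-16T13:40:00Z", "UseCount": 2310},
    {"AppName": "Corporate SSO Connector", "UserId": "005000000000003",
     "CreatedDate": "2025-07-16T10:00:00Z", "LastUsedDate": "2025-07-16T10:30:00Z", "UseCount": 3},
    {"AppName": "Slack Integration", "UserId": "005000000000004",
     "CreatedDate": "2025-01-10T12:00:00Z", "LastUsedDate": "2025-07-10T12:00:00Z", "UseCount": 950},
]


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the export."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def triage_tokens(tokens, approved=APPROVED_APPS,
                  burst_window=timedelta(hours=24), burst_uses=100):
    """Return a list of findings, one per suspicious token.

    Two rules: (1) the app is not on the allowlist; (2) the token was used at
    least `burst_uses` times within `burst_window` of being issued, which is
    the bulk-export pattern, regardless of whether the app is approved.
    """
    findings = []
    for tok in tokens:
        reasons = []
        if tok["AppName"] not in approved:
            reasons.append("app not on allowlist")
        created = parse_ts(tok["CreatedDate"])
        last_used = parse_ts(tok["LastUsedDate"])
        if tok["UseCount"] >= burst_uses and (last_used - created) <= burst_window:
            reasons.append(f"{tok['UseCount']} uses within {burst_window} of authorization")
        if reasons:
            findings.append({"AppName": tok["AppName"], "UserId": tok["UserId"], "reasons": reasons})
    # Most-suspicious first: tokens that trip both rules sort ahead of single hits.
    findings.sort(key=lambda f: -len(f["reasons"]))
    return findings


if __name__ == "__main__":
    for finding in triage_tokens(SAMPLE_TOKENS):
        print(f"{finding['AppName']} (user {finding['UserId']}): " + "; ".join(finding["reasons"]))
```

The burst rule is the one that matters for this campaign: an attacker-authorized app looks like any other connected app except that it is new and immediately busy, so alerting on allowlist misses alone would not distinguish a freshly vished Data Loader clone from a long-forgotten integration.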


Similar Happenings

Wayne Memorial Hospital Ransomware Attack Affects 160,000 Individuals

Wayne Memorial Hospital (WMH) in Georgia has disclosed a ransomware attack that occurred in May 2024, impacting over 160,000 individuals. The breach involved unauthorized access to sensitive personal and medical information. The hospital identified the incident on June 3, 2024, and took immediate steps to secure its network and restore systems from backups. The Monti ransomware group has been linked to the attack. The compromised data includes names, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, medical history, and prescription details. WMH is offering affected individuals 12 months of free credit monitoring and identity theft protection services. The hospital engaged legal counsel and cybersecurity professionals to investigate the attack and implement additional security measures.

Plex Data Breach Exposes User Authentication Data

Plex, a media streaming platform, has experienced a data breach where an unauthorized third party accessed a subset of customer data from one of its databases. The compromised data includes email addresses, usernames, and securely hashed passwords. Users are advised to reset their passwords and enable two-factor authentication. The breach did not include payment card information. Plex has addressed the vulnerability used in the attack but has not disclosed technical details about the incident. Plex has also blocked the attackers' access to its systems and launched internal reviews to improve security. Users are encouraged to be wary of potential phishing attacks and to enable the 'Sign out connected devices after password change' option when resetting their passwords. Plex suffered a similar data breach back in 2022.

Lovesac data breach after ransomware attack

American furniture brand Lovesac suffered a data breach between February 12, 2025, and March 3, 2025, impacting an undisclosed number of individuals. The breach involved unauthorized access to internal systems, resulting in the theft of personal data, including full names and other unspecified personal information. The breach was discovered on February 28, 2025, and the company has offered credit monitoring services to affected individuals. The RansomHub ransomware gang claimed responsibility for the attack, which occurred just before the group's shutdown in April 2025.

Wealthsimple data breach exposes personal information of less than 1% of customers

Wealthsimple, a Canadian financial services firm, disclosed a data breach affecting less than 1% of its customers. Attackers accessed personal data, including contact details, government IDs, financial details, and Social Insurance Numbers. The breach occurred due to a compromised third-party software package. Wealthsimple confirmed that no funds were stolen and that customer accounts remain secure. The incident was detected on August 30, 2025. Affected customers are being offered two years of complimentary credit monitoring, dark-web monitoring, identity theft protection, and insurance. Wealthsimple advised customers to enable two-factor authentication (2FA) and remain vigilant against phishing attempts. The firm clarified that the breach is not related to the recent Salesforce data theft campaign.

Multi-year phishing-as-a-service operation on Google Cloud and Cloudflare

A large-scale phishing-as-a-service (PhaaS) operation has been running undetected for over three years on Google Cloud and Cloudflare platforms. The scheme involved 48,000 hosts and 80 clusters, using expired domains to impersonate high-profile brands and deliver malware and gambling content. The operation exposed companies to regulatory and legal risks and victims to credential theft and data exposure. The campaign was discovered by Deep Specter Research, which found that the operation used cloaking techniques to manipulate search engine rankings and hide illicit content. The infrastructure included 86 physical IP addresses on Google Cloud in Hong Kong and Taiwan, along with 44,000 virtual IP addresses from Google Cloud and 4,000 from other providers. The operation impacted 200 known organizations, including Fortune 500 companies. The discovery highlights the need for companies to actively monitor and secure their expired or dormant domains to prevent such abuses.