Allianz Life Insurance Company of North America has confirmed that hackers stole personal data belonging to a majority of its 1.4 million customers in a recent cyberattack, the company’s German parent firm announced.
The breach, which was disclosed in a legal filing to the Attorney General’s office in the U.S. state of Maine, involved unauthorized access to a third-party cloud-based customer relationship management (CRM) system used by Allianz Life. The cyberattack took place on July 16, 2025.
In a statement provided to the BBC, Allianz said a “malicious threat actor” exploited the system using a social engineering tactic — a method of cyber intrusion that manipulates individuals into divulging confidential information, often by impersonating trusted sources.
“Allianz Life has determined that the attacker was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and some employees,” the company stated.
While the full scope of the breach has not been detailed, Allianz clarified that its internal network, including its core policy administration system, remained secure and was not accessed during the incident.
The firm said it took immediate steps to contain the breach and has since notified the Federal Bureau of Investigation (FBI). It is also in the process of directly informing those affected.
“Allianz Life is actively supporting impacted individuals and working to strengthen its cybersecurity protocols in collaboration with third-party security experts,” the statement added.
Allianz Life, based in Minnesota, operates as a subsidiary of Allianz SE, one of the world’s largest insurance and financial services providers with more than 125 million customers globally.
Although the breach was limited to Allianz Life’s operations in North America, cybersecurity analysts say the incident underscores growing concerns about the vulnerability of financial institutions to sophisticated social engineering attacks — which often target cloud-based infrastructure and human error rather than internal systems.
Cybersecurity experts are urging businesses to increase employee training and implement stricter verification processes to counter these types of attacks.
The incident comes amid a wave of high-profile breaches affecting insurers, banks, and other critical industries in 2025, adding pressure on regulators and firms to bolster cyber defenses and transparency standards.
Allianz has not yet disclosed the exact number of individuals impacted, but reassured the public that it is committed to resolving the issue and maintaining trust with its clients.
