Allianz Life Insurance Company of North America has confirmed a significant data breach that exposed personal information of the majority of its 1.4 million U.S. customers. The breach occurred on July 16, when a malicious cybercriminal exploited a third-party, cloud-based system used by Allianz Life, using a sophisticated social engineering technique to gain unauthorized access.
The Minneapolis-based insurer, a subsidiary of Munich-headquartered Allianz SE, clarified that none of its internal systems were compromised. Instead, the breach was confined to a third-party platform. In a public statement, Allianz Life said it took “immediate action to contain and mitigate the issue” and promptly notified the FBI and other regulatory authorities, including the Maine Attorney General’s Office.
The company is now reaching out to affected customers, financial professionals, and select employees whose data was accessed. To protect impacted individuals, Allianz Life is offering 24 months of complimentary identity theft protection and credit monitoring.
While the specific personal data compromised has not been disclosed due to an ongoing investigation, such breaches typically involve sensitive information like Social Security numbers, financial details, and contact information. The insurer emphasized that this incident affects only Allianz Life in the U.S. and not other subsidiaries of Allianz SE.
Social engineering—often involving deceptive tactics to trick users or employees—was the key method used in this breach, highlighting the rising sophistication of cyberattacks targeting the financial sector.
Allianz Life, with nearly 2,000 U.S. employees and part of a global group serving 125 million customers worldwide, said it remains committed to strengthening security measures to protect its clients. As the investigation unfolds, the company aims to restore trust while reinforcing defenses against future attacks.
