Allianz Life has confirmed that personal information belonging to 1.4 million customers was compromised in a data breach. The company detected the attack on July 16, 2025, notifying the Maine Attorney General the next day. In its statement, the insurance provider claimed that the “majority” of its customers are at risk.
Reportedly, the perpetrators employed sophisticated social engineering techniques to target Allianz employees, rather than seeking to exploit technical vulnerabilities in the company’s security infrastructure. It is thought to be the work of Scattered Spider, a hacking collective which recently brought the UK-based retailer, Marks & Spencer, to a standstill with a vicious cyberattack.
The latest high-profile data breach of this year spotlights the critical importance of investing in your infrastructure. With cyberattacks often sometimes proving terminal for businesses, it’s essential to procure the best talent, leverage the possibilities of AI, and upskill your existing employees on how to spot the warning signs.
“Majority” of Allianz Customers Affected by Data Breach
Allianz Life Insurance Company, a Minnesota-based subsidiary of Allianz SE, has suffered a massive data breach, the company confirmed on Saturday. According to a statement, the “majority” of its approximately 1.4 million customers were affected.
After discovering the breach on July 17, 2025, the company filed a disclosure with the Maine Attorney General. Reportedly, the attack targeted a third-party CRM platform used by the provider. An internal investigation found “no evidence” that any other systems were affected, said the company.
This just in! View
the top business tech deals for 2025 👨💻
The parent company, Allianz SE, revealed that the hackers were “able to contain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Lie employees, using a social engineering technique.”
Hackers Use Humans as Attack Vector, Not Tech
Social engineering refers to exploiting human psychology, rather than technical vulnerabilities within an organization’s infrastructure. An example might include impersonating a colleague to try and gain access to someone’s details. The group responsible, thought to be Scattered Spider, typically contact company help desks, impersonate existing employees, and attempt to get passwords reset.
Scattered Spider recently made headlines with a wide-ranging cyberattack on UK-based retailer, Marks & Spencer. The impacts lasted for months and incurred more than $400 million in financial losses. Previously, the group has taken aim at MGM Resorts and Caesar’s Palace.
The Allianz hack is the latest in a growing list of attacks on insurance vendors. In June, Aflac was breached by bad actors, with an investigation ongoing. Erie Insurance and Philadelphia Insurance have also been hit with similar attacks in recent months.
Businesses Deserting Basic Cybersecurity Duties
According to a recent report from Experis, cybersecurity is the chief concern of businesses across the tech sector in 2025. And it’s not hard to see why. Here at Tech.co, we maintain a running list of major data breaches, and we’re always shocked by the sheer frequency with which they occur.
Clearly, businesses are not doing enough to safeguard themselves against potential threats. More than just a question of investment, cybersecurity depends upon collective responsibility. In other words, it’s vitally important that your business is hiring the best talent and upskilling its existing employees with best practices.
And this is a requirement right across the business — according to our own research, a shocking 98% of senior leaders are unable to identify all the signs of a phishing scam. If we don’t act now to turn the tide on threat actors, this problem will continue to spiral out of control — and the consequences will be severe.
