- Allianz Life was attacked in the Shinyhunters attack campaign
- Haveibeenpwned now estimates that 1.1 million allianz Life clients were affected
- This campaign has affected a large number of companies
The number of clients affected by the recent data violation of Allianz Life has been confirmed in around 1.1 million customers, said the non -compliance notification site.
“Allianz attributed the attack on” a social engineering technique “that went to data on Salesforce and resulted in the exposure of 1.1 million email addresses, names, genres, birth dates, telephone numbers and physical addresses,” confirms the site.
The insurance firm was attacked in early 2025, with the “majority” of the 1.4 million clients of the firm that have exposed confidential data, after an intrusion occurred through a Salesforce CRM system based on the third -party cloud used by the company.
An ongoing campaign
It also seems likely that this violation is connected to a series of other infractions in an ongoing campaign that takes advantage of the Salesforce platform in data theft attacks.
Allianz Life has not been confirmed that this rape is part of the broader campaign, but the moment and similarities of this violation coincide with others directed within the extortion attacks of Shinyhunters aimed at Salesforce customers.
That said, Salesforce denies that its platform has been compromised;
“The Salesforce platform has not been compromised, and this problem is not due to any known vulnerability in our technology,” a spokesman told Techradar Pro.
“We know how disruptive and stressful these incidents can be, and our teams are totally committed to support affected customers and help minimize any impact. Our blog provides an additional context and guidance to strengthen security posture against social engineering attacks, including best practices, strong access controls and proactive measures.”
Among those violated in the Shinyhunters campaign are Google, AT&T, Santander and many others.
Because personal information such as email addresses, names, birth dates, physical addresses and telephone numbers during rape, any interested consumer must ensure the best protection of identity theft to stay safely.
Protective measures
For any organization interested in violation, it is important to remember that such incidents originate in social engineering attacks, so the most crucial thing to implement is a rigorous phishing training program and ensure that employees trust to identify social engineering attempts with regular tests.
Apart from that, ensuring implementing the best final points protection tools can protect your business and respond to attacks faster.
“Once the attackers enter third -party platforms such as CRMS, they not only steal data but are configured for the next movement,” says Security Director (CSO) and Evp (Ciso) information security in Thingsrecon, Tim Grieveson.
“Even if only ‘basic’ details are taken such as commercial names and contact information, these assets are rich combustibles for phishing, supplantation and exploitation of the supply chain. The repercussions fall in a waterfall and companies must stop thinking about external tools such as the problem of another person. If their customer data lives there, they also do it their risk. They go their data, who can access them, and when it is being protected.
