Allianz Says Hacker Accessed Most of 1.4 Million US Customers’ Data
A system breach at Allianz Life impacted most of the insurer’s U.S. customers’ personal data.
[contact-form-7]That’s according to a report Saturday (July 26) by Bloomberg News, citing a statement from the company on the data breach on July 16.
During this incident, a “malicious threat actor” accessed a third-party, cloud-based system used by Allianz and obtained personally identifiable data for the bulk of the German company’s 1.4 million customers in North America along with that of financial professionals and some employees.
“We took immediate action to contain and mitigate the issue and notified the FBI,” the company said, adding that it had not seen evidence the hacker had accessed its own network.
The company has begun contacting the people impacted by the hack and has disclosed it in a filing with the Maine attorney general’s office.
As covered here earlier this year, data breaches that involve third parties are becoming common. Verizon’s 2025 Data Breach Investigations Report found that 30% of the breaches that occurred during the year ending Oct. 31, 2024, involved third parties like suppliers, vendors or outsourced IT support, up from 15% the prior year.
“While, to some extent, software vendors have long played a part in unintentionally increasing the attack surface for those who use their products and services, over the last two to three years, it has moved from the occasional (and typically minor to moderate) mishap to a much more widespread and insidious problem that can (and sometimes does) have a devastating effect on enterprises,” the report said.
The report added that “when you are working with a third party, you have to consider their security limitations as well as your own.”
In other cybersecurity news, PYMNTS wrote last week about the promise, and risk, of using agentic artificial intelligence (AI) for data protection.
By definition, that report said, agentic AI systems act independently, with that independence bringing about new governance and compliance challenges. Who is responsible if an AI agent flags a critical system by mistake and shuts it down? And what happens if a company’s agent fails to identify a breach?
“The emergence of agentic AI solutions for cybersecurity also has enterprise composition implications,” PYMNTS wrote. “As workforces remain hybrid and attack surfaces widen, endpoint security is only as good as its weakest device. Bringing autonomous protection to the edge — phones, browsers, apps — may no longer be optional.”
The post Allianz Says Hacker Accessed Most of 1.4 Million US Customers’ Data appeared first on PYMNTS.com.