At least 1.4 million Americans have had their personal information exposed in a data breach that struck the Allianz Life Insurance Company of North America on July 16th. The hackers accessed customer data through a third-party, cloud-based customer relationship management (CRM) platform using social engineering techniques to break in, which is exactly how a string of similar data breaches affected other healthcare and insurance companies occurred.
Allianz discovered the breach on July 17, and according to reporting from Fox News, “took immediate action to contain and mitigate the issue,” including notifying federal law enforcement and the FBI. The breach does appear to have been limited to the U.S. branch of the company, and there does not appear to be any evidence that the Allianz Life network or any other company systems were accessed.
While Allianz has released very limited information about the details of the breach so far, it is known that the breach does involve the exposure of data belonging to customers, financial professionals and some employees. It is not known what types of personal data were stolen in the incident, however, life insurance companies are often involved with highly sensitive personal info so this stolen data set could very well likely include Social Security numbers, birthdates and financial details among other things.
Allianz also hasn’t shared who might be behind the attack, and the threat actors responsible have not requested a ransom. Various cybersecurity experts have suggested that Scattered Spider may be responsible though.
Scattered Spider is a financially motivated hacking group known for using similar social engineering tactics that has been targeting insurance companies in recent months. Such companies are often targets because of the types of personal information that they collect and hold, including personal details, financial information and medical histories.
The security issue has been patched at this time, and Allianz is continuing its investigation. It has begun to reach out to affected individuals in order to offer support; according to the letter filed with the Maine Attorney General’s office they will be offering free identity theft protection to impacted individuals for 24 months.
How to stay safe after a data breach
After a data breach ,the best way to protect yourself is by using one of the best identity theft protection services. However, in order to get access to the identity theft insurance and extra support these services provide, you need to sign up before falling victim to a data breach. The best antivirus software can also help protect you and your devices from malware and online threats.
It's awlays important to stay vigilant against phishing and social engineering attacks after a data breach, but you also want to carefully monitor your personal and financial accounts for suspicious activity. The best way to stay safe against phishing is to avoid clicking on any links, QR codes or attachments in an email or message from an unknown sender.
In order to protect yourself against most common social engineering attacks, it’s always best to be wary anytime you're approached through social media or by contacts offering opportunities that seem to good to be true. Be extra careful online, practice proper cyber hygiene and educate yourself about the latest online scams and cyberattacks, especially with back to school right around the corner.
We'll update this story when we hear more from Allianz regarding the types of data that were stolen and how many of its customers and employees are impacted. If you're information was exposed as a result of this breach though, you'll likely receive a data beach notification letter in the mail, so make sure you're actively checking your mailbox.
Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
More from Tom's Guide
- Google Calendar bug uses Gemini to take over smart home devices and steal user data
- Almost 900,000 students and alumni hit in major college data breach — financial-aid info, Social Security numbers and more exposed
- Hackers love these 7 smart home devices — here’s how to keep them secure
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
