Allianz Data Breach Exposes Vulnerabilities Affecting Everyone
Allianz Life, a major insurance company suffered a data breach on July 16th due to a supply chain attack, which occurs when cybercriminals target a company used by their real target to steal information. In this case the cybercriminals used social engineering tactics to steal personal information of Allianz Life customers, financial professionals and employees through a cloud-based customer relationship management (CRM) system used by Allianz. In the United States alone, Alianz Life has 1.4 million customers.
The compromised data included names, addresses, birth dates, Social Security numbers, contact details, insurance policy information, and possibly other sensitive financial data.
In this particular data breach the hacker posed as an IT helpdesk employee and managed to convince employees of Allianz to authorize access to its Salesforce CRM system enabling access to the Salesforce Data Loader tool which allows the transfer of bulk data.
While Allianz has indicated that its own computer systems were not hacked, that is of no consolation to the victims of this data breach as the personal information its customers and others had provided to Allianz was still readily compromised. Today many, if not most, companies use and rely on cloud services, vendors and other external partners to manage their data and operations leaving customers' data vulnerable when their employees are manipulated through social engineering.
Using social engineering to attack companies does not require sophisticated technological knowledge to create malware to achieve a data breach, but rather merely requires the use of psychology to convince employees at the targeted companies to open the door to their data.
So what can companies do to combat this threat?
Cybersecurity is often seen as a purely technical matter when it should also incorporate the vulnerable human elements through continuing cybersecurity awareness programs. In addition, companies should institute a zero trust policy where all access should be verified and sensitive data encrypted. Dual factor authentication should also be required for access to sensitive systems so that even if passwords are managed to be stolen, the data will still be protected. Finally, AI tools can be used to recognize and block unusual behavior.
What can we do to protect ourselves from data breaches?
Limiting the amount of personal information you provide to any company is important, but many companies and government agencies have a need for sensitive personal information. Freezing your credit is something everyone should do. It is free and easy to do. It protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
Experian
Equifax
TransUnion
Everyone also should monitor their credit reports regularly for indications of identity theft. Some scammers have websites that appear to offer "free" credit reports, but if you read the fine print, you often may find that you have signed up for unnecessary services. The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own. Here is the only link to use to get your free credit reports.
Finally, be wary of anyone who calls you purporting to help you in regard to any data breach who asks for personal information in regard to a data breach as that is a favorite tactic of identity thieves to lure you into providing additional personal information that can lead to your becoming a victim of identity theft. Also, as always, never click on a link or download an attachment to an email or text message unless you have absolutely confirmed that it is legitimate and don't provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication was legitimate.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
9 minutes ago
- Yahoo
31 Concept to Debut Patent-Pending Technology at ISS Asia 2025 in Singapore
After just seven months in stealth mode, 31 Concept's research division delivers a breakthrough in network intelligence - now patent-pending and set to debut at one of the world's top security conferences. DUBAI, AE / / August 11, 2025 / 31 Concept (31C), an emerging leader in network intelligence and cybersecurity innovation, today announced it will unveil its first patent-pending technology at ISS Asia 2025 in Singapore. The breakthrough, developed entirely within the company's 31 Concept Research Lab, marks a major milestone for the startup, which is stepping out of stealth mode after just seven months of intense development. The 31 Concept Research Lab serves as the company's innovation engine, uniting world-class experts in deep packet inspection, AI-driven analytics, cybersecurity, and advanced networking. With decades of combined experience from projects spanning telecom, military, and national infrastructure, the lab's team operates at the intersection of applied research and practical deployment, delivering solutions designed to solve real-world challenges at scale. "Our patent-pending technology is the direct result of the unique expertise and relentless drive inside our Research Lab," said Misha Hanin, CEO and Co-Founder of 31C. "We built this in record time without compromising on quality or innovation. This is just the first step in a series of breakthroughs we intend to bring to the market." ISS Asia, recognized as one of the most important professional conferences in the world for intelligence, security, and law enforcement technologies, will provide the global stage for the debut. The event draws leaders from government, telecom, and private industry, making it the perfect venue for 31C's first public presentation. "The speed at which the 31 Concept Research Lab turned a concept into a patent-pending reality shows the strength of our people and our process," added Boriss Heismann, CTO of 31C. "This is technology designed to address the most pressing needs in network visibility, security, and performance - and to do it in ways the industry has not seen before." The company's presentation at ISS Asia 2025 will highlight the capabilities of the new platform, detail the patent-pending elements, and outline the roadmap for further innovations currently in development. About 31C31 Concept is a technology company focused on next-generation data intelligence platforms for telecom providers, governments, and regulated industries. Its flagship R&D division, the 31 Concept Research Lab, develops breakthrough technologies in network intelligence, cybersecurity, and AI-driven analytics. Contact Information Misha Hanin SOURCE: 31 Concept Related Images View the original press release on ACCESS Newswire Sign in to access your portfolio
Digital Trends
5 hours ago
- Digital Trends
ChatGPT advice pushed a man into psychosis seen in the 20th century
Earlier this year, an uplifting story detailed how a mother turned to ChatGPT and discovered that her son was suffering from a rare neurological disorder, after more than a dozen doctors had failed to identify the real problem. Thanks to the AI chatbot, the family was able to access the required treatment and save a life. Not every case of ChatGPT medical evaluation leads to a miraculous outcome. The latest case of ChatGPT doling out misleading medical advice ended up giving a person a rare condition called Bromide Intoxication, or Bromism, that leads to various neuropsychiatric issues such as psychosis and hallucinations. Trust ChatGPT to give you a disease from a century ago. A report published in the Annals of Internal Medicine describes a case involving a person who landed himself in a hospital due to bromism after seeking medical advice from ChatGPT regarding their health. The case is pretty interesting because the 60-year-old individual expressed doubt that their neighbour was discreetly poisoning them. Recommended Videos The whole episode began when the person came across reports detailing the negative impact of sodium chloride (aka common salt). After consulting with ChatGPT, the individual replaced the salt with sodium bromide, which eventually led to bromide toxicity. 'He was noted to be very thirsty but paranoid about water he was offered,' says the research report, adding that the patient distilled their own water and put multiple restrictions on what they consumed. The situation, however, soon worsened after being admitted to a hospital, and evaluations were conducted. 'In the first 24 hours of admission, he expressed increasing paranoia and auditory and visual hallucinations, which, after attempting to escape, resulted in an involuntary psychiatric hold for grave disability,' adds the report. Don't forget the friendly human doctor The latest case of ChatGPT landing a person in a pickle is quite astounding, particularly due to the sheer rarity of the situation. 'Bromism, the chronic intoxication with bromide is rare and has been almost forgotten,' says a research paper. The use of bromine-based salts dates back to the 19th century, when it was recommended for curing mental and neurological diseases, especially in cases of epilepsy. In the 20th century, bromism (or bromide toxicity) was a fairly well-known problem. The consumption of bromide salts has also been documented as a form of sleep medication. Over time, it was discovered that the consumption of bromide salts leads to nervous system issues such as delusions, lack of muscle coordination, and fatigue, though severe cases are characterized by psychosis, tremors, or even coma. In 1975, the US government restricted the use of bromides in over-the-counter medicines. Now, the medical team that handled the case could not access the individual's ChatGPT conversations, but they were able to obtain similar worryingly misleading answers in their test. OpenAI, on the other hand, thinks that AI bots are the future of healthcare. 'When we asked ChatGPT 3.5 what chloride can be replaced with, we also produced a response that included bromide. Though the reply stated that context matters, it did not provide a specific health warning, nor did it inquire about why we wanted to know, as we presume a medical professional would do,' the team reported. Yes, there are definitely cases where ChatGPT has helped a person with health issues, but we can only expect positive results when the AI is provided detailed context and comprehensive information. But despite that, experts suggest that one should exercise extreme caution. 'The ability of ChatGPT (GPT-4.5 and GPT-4) to detect the correct diagnosis was very weak for rare disorders,' says a research paper published in the Genes journal, adding that ChatGPT consultation can't be taken as a replacement for proper evaluation by a doctor. The biggest hurdle, obviously, is that the AI assistant can't reliably investigate the clinical features of a patient. Only when AI is deployed in a medical environment by certified health professionals can it yield trusted results.
Yahoo
5 hours ago
- Yahoo
Security flaws in a carmaker's web portal let one hacker remotely unlock cars from anywhere
A security researcher said flaws in a carmaker's online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers' vehicles. Eaton Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the creation of an admin account that granted 'unfettered access' to the unnamed carmaker's centralized web portal. With this access, a malicious hacker could have viewed the personal and financial data of the carmaker's customers, track vehicles, and enroll customers in features that allow owners — or the hackers — control some of their car's functions from anywhere. Zveare said he doesn't plan on naming the vendor, but said it was a widely known automaker with several popular sub-brands. In an interview with TechCrunch ahead of his talk at the Def Con security conference in Las Vegas on Sunday, Zveare said the bugs put a spotlight on the security of these dealership systems, which grant their employees and associates broad access to customer and vehicle information. Zveare, who has found bugs in carmakers' customer systems and vehicle management systems before, found the flaw earlier this year as part of a weekend project, he told TechCrunch. He said while the security flaws in the portal's login system was a challenge to find, once he found it, the bugs let him bypass the login mechanism altogether by permitting him to create a new 'national admin' account. The flaws were problematic because the buggy code loaded in the user's browser when opening the portal's login page, allowing the user — in this case, Zveare — to modify the code to bypass the login security checks. Zveare told TechCrunch that the carmaker found no evidence of past exploitation, suggesting he was the first to find it and report it to the carmaker. When logged in, the account granted access to more than 1,000 of the carmakers' dealers across the United States, he told TechCrunch. 'No one even knows that you're just silently looking at all of these dealers' data, all their financials, all their private stuff, all their leads,' said Zveare, in describing the access. Zveare said one of the things he found inside the dealership portal was a national consumer lookup tool that allowed logged-in portal users to look-up the vehicle and driver data of that carmaker. In one real-world example, Zveare took a vehicle's unique identification number from the windshield of a car in a public parking lot and used the number to identify the car's owner. Zveare said the tool could be used to look-up someone using only a customer's first and last name. With access to the portal, Zveare said it was also possible to pair any vehicle with a mobile account, which allows customers to remotely control some of their car's functions from an app, such as unlocking their cars. Zveare said he tried this out in a real-world example using a friend's account and with their consent. In transferring ownership to an account controlled by Zveare, he said the portal requires only an attestation — effectively a pinky promise — that the user performing the account transfer is legitimate. 'For my purposes, I just got a friend who consented to me taking over their car, and I ran with that,' Zveare told TechCrunch. 'But [the portal] could basically do that to anyone just by knowing their name — which kind-of freaks me out a bit — or I could just look up a car in the parking lots.' Zveare said he did not test whether he could drive away, but said the exploit could be abused by thieves to break into and steal items from vehicles, for example. Another key problem with access to this carmaker's portal was that it was possible to access other dealer's systems linked to the same portal through single sign-on, a feature that allows users to login into multiple systems or applications with just one set of login credentials. Zveare said the carmaker's systems for dealers are all interconnected so it's easy to jump from one system to another. With this, he said, the portal also had a feature that allowed admins, such as the user account he created, to 'impersonate' other users, effectively allowing access to other dealer systems as if they were that user without needing their logins. Zveare said this was similar to a feature found in a Toyota dealer portal discovered in 2023. 'They're just security nightmares waiting to happen,' said Zveare, speaking of the user-impersonation feature. Once in the portal Zveare found personally identifiable customer data, some financial information, and telematics systems that allowed the real-time location tracking of rental or courtesy cars, as well as cars being shipped across the country, and the option to cancel them — though, Zveare didn't try. Zveare said the bugs took about a week to fix in February 2025 soon after his disclosure to the carmaker. 'The takeaway is that only two simple API vulnerabilities blasted the doors open, and it's always related to authentication,' said Zveare. 'If you're going to get those wrong, then everything just falls down.' Error while retrieving data Sign in to access your portfolio Error while retrieving data Error while retrieving data Error while retrieving data Error while retrieving data
