16 hours ago
Allianz Data Breach Exposes Vulnerabilities Affecting Everyone
Data breaches are an unfortunate fact of life for all of us and can readily lead to identity theft and other harm. Last year alone there were 5.5 billion user accounts compromised worldwide by data breaches, an 800% increase over 2024 and 2025 appears to be on its way to a record number of data breaches.
Allianz Life, a major insurance company suffered a data breach on July 16th due to a supply chain attack, which occurs when cybercriminals target a company used by their real target to steal information. In this case the cybercriminals used social engineering tactics to steal personal information of Allianz Life customers, financial professionals and employees through a cloud-based customer relationship management (CRM) system used by Allianz. In the United States alone, Alianz Life has 1.4 million customers.
The compromised data included names, addresses, birth dates, Social Security numbers, contact details, insurance policy information, and possibly other sensitive financial data.
In this particular data breach the hacker posed as an IT helpdesk employee and managed to convince employees of Allianz to authorize access to its Salesforce CRM system enabling access to the Salesforce Data Loader tool which allows the transfer of bulk data.
While Allianz has indicated that its own computer systems were not hacked, that is of no consolation to the victims of this data breach as the personal information its customers and others had provided to Allianz was still readily compromised. Today many, if not most, companies use and rely on cloud services, vendors and other external partners to manage their data and operations leaving customers' data vulnerable when their employees are manipulated through social engineering.
Using social engineering to attack companies does not require sophisticated technological knowledge to create malware to achieve a data breach, but rather merely requires the use of psychology to convince employees at the targeted companies to open the door to their data.
So what can companies do to combat this threat?
Cybersecurity is often seen as a purely technical matter when it should also incorporate the vulnerable human elements through continuing cybersecurity awareness programs. In addition, companies should institute a zero trust policy where all access should be verified and sensitive data encrypted. Dual factor authentication should also be required for access to sensitive systems so that even if passwords are managed to be stolen, the data will still be protected. Finally, AI tools can be used to recognize and block unusual behavior.
What can we do to protect ourselves from data breaches?
Limiting the amount of personal information you provide to any company is important, but many companies and government agencies have a need for sensitive personal information. Freezing your credit is something everyone should do. It is free and easy to do. It protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
Experian
Equifax
TransUnion
Everyone also should monitor their credit reports regularly for indications of identity theft. Some scammers have websites that appear to offer "free" credit reports, but if you read the fine print, you often may find that you have signed up for unnecessary services. The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own. Here is the only link to use to get your free credit reports.
Finally, be wary of anyone who calls you purporting to help you in regard to any data breach who asks for personal information in regard to a data breach as that is a favorite tactic of identity thieves to lure you into providing additional personal information that can lead to your becoming a victim of identity theft. Also, as always, never click on a link or download an attachment to an email or text message unless you have absolutely confirmed that it is legitimate and don't provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication was legitimate.
