Allianz Life confirms data breach exposed Social Security numbers: "majority" of its 1.4M customers affected

On July 16, 2025, Allianz Life Insurance Company of North America experienced a significant data breach when a malicious threat actor accessed a third-party, cloud-based customer relationship management (CRM) system used by the company.

According to Allianz Life, the attacker used a social engineering technique to gain unauthorized access, allowing them to obtain personally identifiable information (PII) related to the "majority" of Allianz Life’s 1.4 million customers, financial professionals, and select employees.

The breach was discovered on July 17, 2025, and was first disclosed to the Maine Attorney General’s office on July 25, 2025. Later state attorneys generals' offices were notified on the 25th, including Massachusetts and California. The Texas Attorney General's office was notified on July 28th confirming the exposed personally identifiable information types include names of individuals, addresses, Social Security numbers, and dates of birth.

The company stated that the breach was limited to the third-party CRM platform and did not extend to other company systems. At this time, Allianz Life has not shared whether the attacker communicated demands or if a specific hacking group has claimed responsibility.

Allianz's response

According to public statements, after discovering the breach, Allianz Life took action to contain and mitigate the incident. The company notified the FBI and launched an internal investigation to determine the scope and impact of the breach.

According to Allianz Life, there is no evidence that its core network or policy administration systems were compromised, as the incident was isolated to the third-party CRM platform.

Allianz Life has begun the process of notifying affected individuals and has committed to providing dedicated resources to assist them. Written notices to consumers are being sent as impacted individuals are identified, with the first notifications beginning Aug. 1, 2025.

Given the nature of the breach, individuals who receive a notice from Allianz Life should remain vigilant for suspicious emails, phone calls or other communications that could be attempts at phishing or fraud. It is advisable to monitor financial accounts and credit reports for any unusual activity.

If any suspicious activity is detected, affected individuals should contact their financial institutions and consider placing a fraud alert or credit freeze on their credit files.

More information about the company can be found on the Allianz Life website.