Allianz Life Salesforce Breach 2025: What You Need to Know
Approximately 2.8 million Allianz Life customer and partner records were stolen from its Salesforce instance as part of the broader 2025 ShinyHunters / Scattered Spider campaign. Here is what happened, what data was leaked, and steps you can take to protect yourself.
What Happened
How the Allianz Life Breach Unfolded
May to July 2025
Operators associated with the ShinyHunters and Scattered Spider collectives conducted vishing (voice phishing) attacks against Allianz Life helpdesk staff, ultimately convincing an agent to reset MFA on a Salesforce administrator account.
16 July 2025
Allianz Life publicly confirmed the Salesforce-tenant breach, disclosing that approximately 2.8 million records belonging to US customers and partners had been exfiltrated. Crucially, Salesforce itself was not breached; attackers used legitimate credentials obtained via social engineering.
Allianz Life clarified that the incident affected its US life-insurance subsidiary only and that Allianz SE's European operations and core policy systems were unaffected.
Late July 2025
Allianz Life notified the relevant US state attorneys general and began direct customer notifications by mail and email, with details of the exposed data and next steps.
August 2025
Allianz Life offered affected customers credit monitoring through a third-party provider, with enrolment instructions delivered as part of the customer notification letter.
Q3 to Q4 2025
Allianz Life confirmed it had expanded its helpdesk identity-verification controls and reviewed privileged-access workflows for its Salesforce tenant in response to the attack pattern observed across the broader 2025 Salesforce campaign.
Sources: Obsidian Security (2025), Allianz Life
What Was Exposed
Personal Data Leaked in the Breach
The breach affected customer-relationship records held in Allianz Life's Salesforce tenant. Exposure varies between individuals: most affected records included names and contact details, with a subset also including mailing address, policy identifiers, and partner / agent contact information.
| Data Type | Risk Level | Who Was Affected |
|---|---|---|
| Full name | High | All approximately 2.8 million affected customers and partners |
| Email address | High | All approximately 2.8 million affected customers and partners |
| Phone number | High | Subset of affected customers and partners |
| Home/mailing address | High | Subset of affected customers and partners |
| Policy / customer ID | Medium | Subset of affected customers |
| Partner / agent records | Medium | Broker firm names and contact details for partner accounts |
Risk levels are based on the OAIC's "What is personal information?" guidance and the OAIC Australian Privacy Principles. Identity-linked data (name, address, contact details) is rated higher due to its potential use in identity fraud and targeted phishing.
✅ Confirmed NOT Exposed
Allianz Life confirmed that policy details, beneficiary information, Social Security numbers, and payment information were stored in separate systems and not affected by this incident. Allianz SE's European operations were not affected, and no medical underwriting data was in scope.
Company Response
What Allianz Life Did
“The threat actor used social engineering to obtain access to one of our cloud-based customer relationship management systems. Our core policy systems were not affected.”
Actions Taken by Allianz Life
- Immediately revoked the compromised Salesforce administrator credentials
- Engaged external incident-response specialists to scope the exfiltration
- Notified US state attorneys general and federal authorities
- Began direct customer notifications by mail and email in late July 2025
- Offered free credit monitoring through a third-party provider
- Expanded helpdesk identity-verification controls to defend against vishing
- Reviewed privileged-access workflows for its Salesforce tenant
What Now?
Steps You Can Take After the Allianz Life Breach
Although Social Security numbers and policy details were not exposed, the combination of name, email, phone, and mailing address is sufficient for attackers to craft highly convincing phishing and impersonation attempts. Here are general best-practice steps, organised by the types of accounts most commonly affected.
Insurance and Financial Accounts
Your Allianz Life relationship details were exposed. Securing related accounts is a sensible first step.
- Secure your Allianz Life portal account (~5 min)
- Verify any unsolicited contact about your policy
Email and Digital Identity
Your email is the key to your digital identity. Securing it is a sensible first step.
- Strengthen email security (~5 min)
- Understand your full account exposure
Identity Protection
The combination of name, address, and contact details is commonly used in identity verification by financial institutions.
- Place a credit freeze (US residents) (~20 min)
- Place a credit ban (AU residents) (~20 min)
- Stay alert for targeted phishing
Monitoring and Reporting
US-focused resources, with AU and EU equivalents for international residents.
- Report identity theft (US residents)
- Contact IDCare (AU and NZ residents)
- Report to your national DPA (EU residents)
Are You Still at Risk?
The Hidden Danger: Compound Breach Exposure
The Allianz Life breach did not happen in isolation. Allianz Life is one of the most prominent victims of the wider 2025 Salesforce vishing campaign, which compromised dozens of corporate Salesforce tenants. If your data also appeared in related incidents, the combination can build a far more complete identity profile.
How breach data compounds
On its own, the Allianz Life breach exposed names, emails, phone numbers, and mailing addresses. But if your email also appeared in the wider Salesforce campaign or in older incidents such as Equifax, the combined data set may include SSN, identity documents, and detailed credit information. This kind of compound exposure significantly increases the risk of identity fraud.
- Qantas (2025): 5.7M records, same Salesforce vishing campaign
- Salesforce ShinyHunters Campaign (2025): ~1B aggregate records across dozens of Salesforce tenants
- Workday (2025): same campaign, HR / customer CRM exposure
- Equifax (2017): 147M records, name, address, SSN combination
If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.
Sources
- Obsidian Security: "Allianz data leaked in major wave of Salesforce attacks"
- Allianz Life Insurance Company of North America
- US Federal Trade Commission: IdentityTheft.gov
- Equifax: Credit freeze (US)
- IDCare (Australia and New Zealand identity support)
- OAIC: What is personal information? (Privacy Act 1988 categories)
Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with Allianz Life Insurance Company of North America or Allianz SE. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.