Allianz Life, a U.S. subsidiary of global insurer Allianz SE, has confirmed that hackers compromised the personal data of 1.1 million customers, highlighting growing risks for financial services firms that depend on third-party cloud platforms.

The company, which serves 1.4 million customers in the U.S., said that the breach was discovered in July and stemmed from a compromise of a Salesforce-based customer relationship management (CRM) system on July 16th. The hackers gained access by deploying malicious OAuth applications, which allowed them to infiltrate Salesforce systems before downloading the company’s databases.

What data is Leaked?

According to the breach notification site Have I Been Pwned, the leaked data includes names, email addresses, phone numbers, physical addresses, genders, and dates of birth. In some cases, Social Security numbers and tax IDs were also compromised. The breach also extended to certain Allianz Life employees, whose information was exposed alongside customer data.

The notorious cybercrime group ShinyHunters, which has claimed responsibility for the cyberattack, has carried out a series of high-profile cyberattacks in recent years, including breaches at AT&T, Snowflake, and Workday. The hacking group is known for using social engineering techniques to trick employees into granting access to corporate systems, often using stolen data to demand ransoms. Other big brands hit by their campaign reportedly include Google, Adidas, Qantas, Louis Vuitton, and Tiffany & Co.

“Groups such as ShinyHunters rely on fast moving social engineering tactics – this typically involves calling and emailing employees of the victim organization and attempting to extort them. If this does not work, they then launch a leak site with the aim of pressuring victims into payment,” said Jon Abbott, CEO of ThreatAware.

“This pattern in their attacks is why the security fundamentals are so important. Accurate asset inventories, tamper-proof identity verification and hardened service desk processes are all essential.”

Security experts warn that the Allianz breach could leave its customers and employees vulnerable to identity fraud, phishing scams, and fraud attempts. Allianz Life said it has reported the breach to the U.S. authorities and is offering affected customers and employees two years of free identity monitoring services. However, the company declined to share further details, citing an ongoing investigation.

For now, Allianz Life customers are being urged to remain vigilant, monitor their financial accounts closely, and be on the lookout for suspicious emails or phone calls.

Meanwhile, Salesforce, for its part, emphasized that its platform itself has not been compromised. Instead, attackers fooled companies’ employees into granting them access.

“The Salesforce platform has not been compromised, and this issue is not due to any known vulnerability in our technology,” a spokesperson said in a statement to TechRadar Pro.

“We know how disruptive and stressful these incidents can be, and our teams are fully engaged to support affected customers and help minimize any impact. Our blog provides additional context and guidance on strengthening security posture against social engineering attacks, including best practices, strong access controls, and proactive measures.”

The incident underscores the rising risks around personal data. It shows how quickly criminals can turn personal information into a weapon, and why businesses must guard against employee tricks. Experts say incidents like this highlight the importance of stronger defenses against social engineering, as well as stricter oversight of third-party cloud services that hold customer data.