Allianz Life Insurance Company of North America (a US subsidiary of the financial insurance group Allianz) has just admitted that hackers have stolen the personal information of most customers. This security incident occurred through a customer relationship management (CRM) platform provided by a third party.
In a document sent to the Maine Attorney General's Office, Allianz Life said that the attack did not directly target the company's system but took advantage of vulnerabilities from partners. Accordingly, hackers collected personal identification data, including: full name, address, social security number, date of birth and financial information of customers. However, Allianz did not disclose the name of the violating CRM provider.
Immediately after the discovery, Allianz Life stopped using the affected platform, hired independent security investigators, and coordinated with law enforcement. The company has also begun sending notices to affected people and providing free credit monitoring services for 2 years.
Although Allianz Life insists its main system was not attacked, the incident shows the inherent risk of relying on external services to operate user data. The company has not yet disclosed which group of hackers were behind the incident or how specifically they penetrated the system of a third party.
