Minneapolis-based Allianz Life, a subsidiary of Munich, Germany-based Allianz SE, said the data breach happened on July 16 when a “malicious threat actor” gained access to a third-party, cloud-based system used by the company.
“The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,” Allianz Life said in a statement. “We took immediate action to contain and mitigate the issue and notified the FBI.”
The company said its own systems were not accessed, just the third-party’s platform.
Allianz Life said its investigation is ongoing and that the company has begun reaching out to the impacted individuals. It said the incident involves only Allianz Life in the U.S., not other Allianz corporate entities.
In the case of data breaches, a “social engineering technique” usually involves using trickery to gain access. Spokesman Brett Weinberg said he couldn’t provide details because they are still investigating.
It is one of five North American subsidiaries of the Munich-based global financial services group Allianz SE, which says it serves more than 125 million customers worldwide.
