- Allianz Life was targeted in the ShinyHunters attack campaign
- HaveIBeenPwned now estimates 1.1 million Allianz Life customers were affected
- This campaign has affected a large number of companies
The number of affected customers from the recent Allianz Life data breach has seemingly been confirmed at around 1.1 million customers, breach notification site Have I Been Pwned has said.
“Allianz attributed the attack to “a social engineering technique” which targeted data on Salesforce and resulted in the exposure of 1.1M unique email addresses, names, genders, dates of birth, phone numbers and physical addresses,” the site confirms.
The insurance firm was targeted earlier in 2025, with the ‘majority’ of the firm’s 1.4 million customers having sensitive data exposed, after an intrusion came through a third party, cloud-based Salesforce CRM system used by the company.
An ongoing campaign
It also now seems likely this breach is connected to a number of other breaches in an ongoing campaign that leverages the Salesforce platform in data theft attacks.
Allianz Life has not confirmed itself that this breach is part of the wider campaign, but the timing and similarities of this breach matches others targeted within the ShinyHunters extortion attacks targeting Salesforce customers.
That being said, Salesforce denies that their platform has been compromised;
“The Salesforce platform has not been compromised, and this issue is not due to any known vulnerability in our technology,” a spokesperson told TechRadar Pro.
“We know how disruptive and stressful these incidents can be, and our teams are fully engaged to support affected customers and help minimize any impact. Our blog provides additional context and guidance on strengthening security posture against social engineering attacks, including best practices, strong access controls, and proactive measures.”
Among those breached in the ShinyHunters campaign are Google, AT&T, Santander, and many others.
Because personal information such as email addresses, names, dates of birth, physical addresses, and phone numbers were accessed during the breach, any consumers concerned should be sure to take a look at the best identity theft protection to keep safe.
Protective measures
For any organizations concerned by the breach, it’s important to remember such incidents reportedly originate from social engineering attacks – so the most crucial thing to implement is a rigorous phishing training programme, and to make sure employees are confident in identifying social engineering attempts with regular testing.
Aside from that, making sure you deploy the best endpoint protection tools can protect your business and respond to attacks faster.
“Once attackers get into third-party platforms like CRMs, they’re not just stealing data but setting up for the next move,“ says Chief Security Officer (CSO) and EVP Information Security (CISO) at ThingsRecon, Tim Grieveson.
“Even if only ‘basic’ details like business names and contact info are taken, those assets are rich fuel for phishing, impersonation, and supply‑chain exploitation. The repercussions cascade down, and businesses need to stop thinking of external tools as someone else’s problem. If your customer data lives there, so does your risk. It’s time to start asking harder questions about where your data goes, who can access it, and how well it’s being protected.”