Allianz Life's CRM Was Hacked. 1.4 Million Customers' SSNs Were Exposed. Allianz's Own Systems Were Never Touched.
Case Study Third-Party Risk May 2026 · 8 min read On July 16, 2025, attackers used a phone call to social engineer access to a third-party CRM system used by Allianz Life. They never touched Allianz's internal networks. They didn't need to. The vendor had the data. The vendor had the access. And the vendor was the open door. Allianz Life Insurance Company of North America has 1.4 million customers. On July 16, 2025, threat actors accessed the personal data of the majority of those customers — names, addresses, Social Security numbers, dates of birth, policy numbers, and financial information. Allianz's internal systems were never breached. Its policy administration platform remained secure throughout the entire incident. No attacker ever penetrated Allianz Life's own network infrastructure. They didn't need to. Allianz used a third-party cloud-based CRM system to manage customer relationships. Th...