Data breach at Allianz Life escalates significantly
In a significant cybersecurity incident, Allianz Life and Workday have fallen victim to a data breach, with the ShinyHunters group claiming responsibility.
The breach at Allianz Life was discovered on July 17, affecting the vast majority of its 1.4 million customers in the North America region. The attack on Allianz Life's CRM system involved a connection to a Salesforce Data Loader. Data exposed in the incident includes dates of birth, email addresses, genders, names, phone numbers, physical addresses, and Social Security numbers.
Jon Abbott, CEO of ThreatAware, described the scale of the breach as "significant." He also noted that the ShinyHunters group, known for its fast-moving social engineering tactics, is believed to be behind the attack. The group has been linked to attacks on Salesforce systems at several retailers, Google, Cisco, Qantas, Santander, Ticketmaster, Tokopedia, AT&T, and most recently Workday.
The exact attack vector in the Allianz Life data breach has not been specified. However, it is believed that the attackers used malicious OAuth applications to infiltrate Salesforce instances and download the company databases.
Meanwhile, Workday confirmed it had fallen victim to an attack last week. More than seven-in-ten of the exposed email addresses had already been affected by previously-disclosed data breaches, according to reports. The leaked credential notification site Have I Been Pwned has put the number of affected accounts at 1.1 million.
The ShinyHunters group is also believed to overlap with the Scattered Spider and Lapsus groups. In response to the attacks, the group is preparing a data leak site to pressure Allianz and other victims into making a ransom payment.
Allianz Life has stated that it would provide a full consumer notice once it has finished identifying and contacting affected individuals. Security fundamentals such as accurate asset inventories, tamper-proof identity verification, and hardened service desk processes are essential to protect against attacks like the one on Allianz Life.
This incident serves as a reminder of the importance of vigilance in the face of increasing cyber threats. It is crucial for organisations to prioritise their cybersecurity measures to protect their customers' sensitive information.
Read also:
- Mandated automobile safety technologies in the EU may be deemed "irrational," "erratic," and potentially dangerous, experts caution.
- New study reveals that Language Models can execute complex assaults independent of human intervention
- Cybercriminals struck once more, allegedly Lazarus group, causing a $23 million loss to a UK-registered cryptocurrency platform.
- Upgraded advisory from CISA and Microsoft on security weakness in Exchange Server
