A cyber attacker may have obtained access to the personally identifiable information of a majority of the 1.4 million customers of Allianz Life Insurance Co. of America, the company reported Saturday.
The company — a Minneapolis-based affiliate of Allianz, a German financial services giant — believes that the attacker used "a social engineering technique" to get into a cloud-based customer relationship management system that the company was using around July 16, the company said Monday in an email.
"Social engineering" is a strategy that involves tricking people to into creating holes in the usual data protection security protocols.
Allianz Life discovered the breach July 17 and notified the FBI that day, the company said.
In addition to getting customer information, the attacker may have obtained information about Allianz Life financial professionals and some Allianz Life employees.
"We took immediate action to contain and mitigate the issue," the company said. "Based on our investigation to date, there is no evidence the Allianz Life network or other company systems were accessed."
Allianz Life does not believe that the attacker breached its policy administration system.
"Our investigation is ongoing, and we began the process of reaching out to individuals impacted with dedicated resources to assist them," the company said. "This incident is related only to Allianz Life in the U.S."
Allianz Life told Maine officials in a regulatory filing that it is still determining the extent of the breach and expects to offer affected individuals 24 months of free identity theft restoration and credit monitoring services.
Credit: Shutterstock
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.