Attackers Compromised US Customer Data Through Social Engineering

On July 16, a breach targeting the customer relationship management (CRM) platform utilized by Allianz Life Insurance of North America resulted in the theft of personally identifiable information from the majority of its 1.4 million U.S. customers, financial professionals, and some employees, according to the company’s statement.
Brett Weinberg, a spokesperson for the company, disclosed that the attack used “a social engineering technique” to gain unauthorized access. The insurer has not shared specific details about the compromised CRM system or the identity of the hacker. Reports suggest that the attack was linked to the ShinyHunters extortion group, known for its involvement in significant cyber incidents.
ShinyHunters, a group of cybercriminals active since 2020, has been implicated in numerous high-profile breaches, including a notable incident involving data theft from clients of the cloud platform Snowflake. Recent developments indicate that French authorities arrested five individuals believed to manage the BreachForums marketplace, where ShinyHunters has been a consistent presence.
Trevor Hilligoss, a senior vice president at SpyCloud Labs, noted that while some individuals associated with ShinyHunters have faced law enforcement, that does not equate to the complete dismantling of the group. He emphasized the challenges in definitively attributing the Allianz breach solely to ShinyHunters, as discussions among hackers in criminal circles are often speculative.
Supporting the theory of ShinyHunters’ involvement is a June alert from Google indicating that a threat actor, designated UNC6040, employed voice phishing tactics to compromise Salesforce CRM instances, paralleling techniques historically used by ShinyHunters. This actor is linked to a broader cybercrime community known for social engineering exploits.
Amidst the ongoing investigations, reports from criminal forums show offers for data believed to originate from Allianz’s Brazilian and Spanish subsidiaries. However, Weinberg stated that the current focus is exclusively on Allianz Life in the U.S., and no additional information was provided regarding potential incidents abroad.
This breach underscores the critical necessity for robust security and governance protocols around enterprise applications, particularly CRM systems that house sensitive customer data. According to Piyush Pandey, CEO at Pathlock, continuous real-time access risk analysis is essential to ensure corporate accounts maintain appropriate access levels based on their contextual behaviors, instead of merely their titles or group memberships.
Viewed through the MITRE ATT&CK framework, the techniques potentially used in this attack include initial access through social engineering, persistence mechanisms, and privilege escalation. The incident exemplifies the pervasive risks businesses face due to inadequately protected customer data and the evolving sophistication of cyber adversaries.