Insurance company Allianz Life has confirmed that the personal information for the "majority" of its 1.4 million customers was exposed in a data breach that occurred earlier this month. "On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life Insurance Company of North America (Allianz Life)," an Allianz Life spokesperson told BleepingComputer.

Allianz Life is a US-based provider of annuities and life insurance for over 1.4 million Americans. The company is owned by Allianz SE, a global financial services group headquartered in Germany, serving more than 128 million customers.

While Allianz Life declined to answer questions about the threat actor and whether they were being extorted, BleepingComputer has learned that the attack is believed to have been conducted by the ShinyHunters extortion group.

Last month, Mandiant warned that ShinyHunters had begun to target Salesforce CRM customers in social engineering attacks. During these attacks, the hackers impersonate IT support personnel, requesting the targeted employee accept a connection to Salesforce Data Loader, a client application that allows users to import, export, update, or delete data within Salesforce environments. Once the connection is accepted, the threat actors use Salesforce Data Loader to exfiltrate data from Salesforce, which is then used to extort the company. BleepingComputer asked Allianz Life if the CRM is Salesforce, but the spokesperson declined to comment.

ShinyHunters is a group of threat actors who are linked to multiple high-profile data breaches and attacks, including those against PowerSchool and the Snowflake attacks, which impacted Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance. While multiple ShinyHunters members have been arrested over the past few years, including a recent arrest in France, the hacking group continues to conduct attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 26 Jul 2025 18:05:16 +0000