Allianz Life Insurance Company of North America has reported a major data breach from a supply chain attack that exposed the personal information of most of its 1.4 million U.S.-based customers, professionals, and some employees.

According to a statement released Friday, the breach occurred on July 16, 2025, when a threat actor exploited social engineering tactics to compromise one of Allianz Life’s cloud service providers. The company detected the intrusion the following day and immediately alerted the FBI. A formal filing with the Maine Attorney General’s office confirmed the nature of the breach and Allianz’s swift response efforts.

The Minneapolis-headquartered insurer, a subsidiary of Germany’s Allianz SE, emphasized that its core systems—such as policy administration and internal networks—remain unaffected. However, most personally identifiable information (PII) stored with the breached cloud vendor was accessed.

This incident comes amid a growing wave of sophisticated cyberattacks, many linked to the threat group Scattered Spider, known for its use of voice phishing and social engineering against major industries, particularly insurance.

Allianz stated it is still in the process of identifying every affected individual. A placeholder breach notice has been submitted to regulators, and a full notification letter will follow once the review is complete.