Allianz Life cyberattack gets worse as company confirms Social Security numbers stolen

News
By published

Insurance giant confirms stolen data included SSNs

Hacker with malware code in computer screen. Cybersecurity, privacy or cyber attack. Programmer or fraud criminal writing virus software. Online firewall and privacy crime. Web data engineer
(Image credit: Shutterstock)
  • Allianz Life recently confirmed cyberattack
  • Criminals stole data on around 1.4 million customers
  • Among the stolen data are names, addresses, and SSNs

The information stolen in the recent cyberattack on insurance giant Allianz Life included people’s full names, postal addresses, dates of birth and, particularly worryingly - Social Security numbers (SSN), the company has confirmed.

Allianz Life has filed new forms with the Attorney General’s office in Texas and Massachusetts, in which it confirmed what kind of data was taken when a threat actor accessed a third-party cloud-based CRM system the company uses.

After finding out about the intrusion, the company took measures to contain it, and notified the FBI. So far, there is no evidence the company’s network or other systems were accessed, it was added.

Abusing SSNs

Speaking to TechCrunch, a spokesperson for Allianz Life said the company will begin notifying affected individuals on August 1.

“The letters will offer specific information relevant to impacted individuals including the type of data that may have been affected,” it said.

SSNs are a core piece of personal identity in the US and they unlock access to a wide range of services and records.

They allow cybercriminals to impersonate victims, potentially opening bank accounts in their name, apply for loans and credit cards, or rack up debt.

They can also commit fake tax returns, gain access to medical treatment or prescription drugs, and even get a job illegally, which might cause problems for the victims during background checks.

Finally, criminals might use SSNs to apply for various Social Security benefits, unemployment compensation, or welfare.

Stay protected

The attack is particularly concerning as such records could contain more than enough of sensitive information for hackers to launch highly personalized, successful phishing campaigns, leading to identity theft, wire fraud, and even ransomware attacks.

If you're concerned you may have been caught up in the incident, don't worry - there are a number of methods to find out. HaveIBeenPwned? is probably the best resource only to check if your details have been affected, offering a run-down of every big cyber incident of the past few years.

And if you save passwords to a Google account, you can use Google's Password Checkup tool to see if any have been compromised, or sign up for one of the best password manager options we've rounded up to make sure your logins are protected.

Via TechCrunch

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.