Allianz Life data leaked following recent breach - our tips on how to stay safe

News
By published

Stolen Allianz Life data has now appeared online

Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website
(Image credit: sarayut Thaneerat/ via Getty Images)
  • Cybercriminals leaked stolen data in a Telegram channel
  • Almost 3 million records from more than a million people were leaked
  • There are ways to mitigate the risk

Experts have warned the data stolen in the recent Allianz Life ransomware attack has been leaked to the open internet, and have urged affected users to be on their guard.

Sensitive information on the “majority” of the insurance company’s 1.4 million customers, including people’s names, addresses, phone numbers, dates of birth, Tax Identification Numbers, and even social security numbers, was published in a Telegram group created by ShinyHunters, Scattered Spider, and Lapsu$ threat actors.

In total, 2.8 million data records for both individual customers and business partners were grabbed as part of a wider attack on Salesforce instances. Besides Allianz Life, the group also took credit for a number of other, high-profile incidents, including the attack on Internet Archive, Pearson, and Coinbase.

Stay protected

Usually, cybercriminals would demand a ransom payment in exchange for deleting the stolen files and not leaking it on the internet.

So, if these files were published, it is safe to assume Allianz Life has decided not to pay (or the negotiations broke down for other reasons). There is always the possibility that the crooks leaked the files even after getting paid because these are, after all, cybercriminals.

There are numerous ways hackers can abuse sensitive files. They can impersonate their victims, potentially opening bank accounts in their name, apply for loans and credit cards, or rack up debt. They can also commit fake tax returns, gain access to medical treatment or prescription drugs, and even get a job illegally, which might cause problems for the victims during background checks.

Criminals might also use social security numbers to apply for various Social Security benefits, unemployment compensation, or welfare.

The attack is particularly concerning as such records could contain more than enough of sensitive information for hackers to launch highly personalized, successful phishing campaigns, leading to identity theft, wire fraud, and even ransomware attacks.

How to stay safe

If you're concerned you may have been caught up in the incident, don't worry - there are a number of methods to find out. HaveIBeenPwned? is probably the best resource only to check if your details have been affected, offering a run-down of every big cyber incident of the past few years.

And if you save passwords to a Google account, you can use Google's Password Checkup tool to see if any have been compromised, or sign up for one of the password manager options we've rounded up to make sure your logins are protected.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.