Massive data breach at Allianz Life uncovered, traced back to supply-chain attack

The unauthorized access coincides with a series of recent social engineering intrusions aimed at the insurance industry and other businesses.

The Scattered Spider cybercriminal group has been active since early 2025 in a series of cyberattacks targeting major U.S. insurance providers. The group, known for its sophisticated tactics, has been linked to attacks on Allianz Life, Aflac, Erie Insurance, and others.

The latest development came when Allianz Life, a Minneapolis-based insurance provider and a subsidiary of the German firm Allianz SE, disclosed a data breach affecting 1.4 million U.S. customers, professionals, and select employees. The breach occurred on July 16, 20XX, and was discovered on July 17, 20XX.

The breach resulted from a social engineering attack, as confirmed by Allianz's filing with the Maine Attorney General's office. It exposed personally identifiable information belonging to most of Allianz's customers and led to a class-action lawsuit alleging negligence in protecting personal data.

Allianz responded immediately after discovering the intrusion, notifying the FBI and taking steps to contain the breach. The company's filing with the Maine AG's office includes a placeholder copy of its breach notice, with a promise to share a full copy once all affected customers are identified.

Corporate stakeholders are seeking to better understand their technology stack's risk calculus in light of these attacks.

Aflac disclosed a cyber incident on July 7, 2025, in which attackers gained access to personal and health information, though ransomware encryption seems to have been avoided. Aflac was able to contain the breach within hours, and operations were not disrupted. The attack was consistent with Scattered Spider's known tactics, although Aflac did not explicitly name the group.

Erie Insurance faced a cyber-attack starting in early June 2025, causing extensive operational disruptions, including closing customer portals for nearly a month. This was publicly disclosed in filings citing unusual network activity consistent with a major cyber incident.

Microsoft and cybersecurity firms have observed Scattered Spider employing evolving tactics including social engineering, phishing, SIM swap attacks, adversary-in-the-middle techniques, and deployment of DragonForce ransomware. The group increasingly targets on-premises infrastructure first, such as VMware ESX hypervisors, before moving to cloud environments.

Federal agencies including the FBI and CISA issued a joint advisory in late July 2025 warning about Scattered Spider’s methods, which frequently bypass multi-factor authentication and focus on data theft and encryption for ransom. The group, with members in the U.S. and U.K., has recently shifted attention heavily toward the insurance industry as part of its wider campaign.

This ongoing attack spree, which initially hit retailers and airlines before focusing on the insurance sector by early June 2025, serves as a reminder for corporations to stay vigilant and proactive in protecting their data and systems. The Scattered Spider group remains a significant threat with evolving cyberattack tactics targeting enterprise security and third-party vulnerabilities.

  1. The data breach at Allianz Life was a result of a phishing attack, as confirmed by the company's filing with the Maine Attorney General's office.
  2. With Scattered Spider's increased focus on the insurance industry, corporations must be proactive in strengthening their cybersecurity measures to prevent data breaches and potential financial losses.
  3. The ongoing cyberattacks by the Scattered Spider cybercriminal group have highlighted the need for corporations to fully understand the risks associated with their technology stack to effectively protect against phishing, data breaches, and other cybersecurity threats.
