- Allianz Life recently confirmed cyberattack
- Criminals stole data on around 1.4 million customers
- Among the stolen data are names, addresses, and SSNs
The information stolen in the recent cyberattack on insurance giant Allianz Life included people’s full names, postal addresses, dates of birth and, particularly worryingly - Social Security numbers (SSN), the company has confirmed.
Allianz Life has filed new forms with the Attorney General’s office in Texas and Massachusetts, in which it confirmed what kind of data was taken when a threat actor accessed a third-party cloud-based CRM system the company uses.
After finding out about the intrusion, the company took measures to contain it, and notified the FBI. So far, there is no evidence the company’s network or other systems were accessed, it was added.
Abusing SSNs
Speaking to TechCrunch, a spokesperson for Allianz Life said the company will begin notifying affected individuals on August 1.
“The letters will offer specific information relevant to impacted individuals including the type of data that may have been affected,” it said.
SSNs are a core piece of personal identity in the US and they unlock access to a wide range of services and records.
They allow cybercriminals to impersonate victims, potentially opening bank accounts in their name, apply for loans and credit cards, or rack up debt.
They can also commit fake tax returns, gain access to medical treatment or prescription drugs, and even get a job illegally, which might cause problems for the victims during background checks.
Finally, criminals might use SSNs to apply for various Social Security benefits, unemployment compensation, or welfare.
Stay protected
The attack is particularly concerning as such records could contain more than enough of sensitive information for hackers to launch highly personalized, successful phishing campaigns, leading to identity theft, wire fraud, and even ransomware attacks.
If you're concerned you may have been caught up in the incident, don't worry - there are a number of methods to find out. HaveIBeenPwned? is probably the best resource only to check if your details have been affected, offering a run-down of every big cyber incident of the past few years.
And if you save passwords to a Google account, you can use Google's Password Checkup tool to see if any have been compromised, or sign up for one of the best password manager options we've rounded up to make sure your logins are protected.
Via TechCrunch
You might also like
- Ransomware gangs are now expanding to physical threats in the real world
- Take a look at our guide to the best authenticator app
- We've rounded up the best business password managers around
