CRM compromise is a major data breach problem!

BankInfoSecurity.com reported “A malicious actor breached a customer relationship management platform used by Allianz Life Insurance of North America on July 16 and stole personally identifiable information of most of its 1.4 million U.S. customers, financial professionals and some employees, the company said.” The July 28, 2025 article entitled “Allianz Life Breach Tied to CRM Compromise” (https://tinyurl.com/2tf9zm2k) included these comments:

Company spokesperson Brett Weinberg said the hacker gained access "using a social engineering technique." The insurer did not disclose the CRM in question nor the name of the hacker. Bleeping Computer attributed the attack to the ShinyHunters extortion group.

ShinyHunters is a loose group of attackers that has existed since 2020 and been involved in a slew of high-profile incidents, including the theft of terabytes of data from clients of cloud-based data warehousing platform Snowflake. French police in June reportedly arrested five suspected hackers accused of being administrators of stolen data marketplace BreachForums, where ShinyHunters has been actively involved. French daily newspaper Le Parisien reported that the handle of one suspect was "ShinyHunters."

"ShinyHunters is a group, much like Scattered Spider, so it would appear France arrested people that were a part of the group, but not the whole group," said Trevor Hilligoss, a senior vice president with cybercrime threat intel firm SpyCloud Labs at SpyCloud.

Buttressing a possible ShinyHunters attribution is a June warning from Google that a threat actor it tracks as UNC6040 has had success recently in using voice phishing techniques to target Salesforce customer relationship management instances for data theft. One effective technique has been to impersonate IT support personnel and socially manipulate victims into authorizing a maliciously modified version of Salesforce's Data Loader. UNC6040 overlaps with the cybercrime community that calls itself "The Community," aka the Com, which has given rise to a number of cybercrime threat actors specializing in social engineering, including groups popularly known as Scattered Spider, Lapsus$ and Oktapus, aka 0ktapus. The threat actor may have partnered with ShinyHunters to commercialize the stolen data.

Very bad news! What do you think?
