Allianz Life and WestJet have both confirmed significant data breaches impacting a combined total of approximately 3.7 million customers and employees across North America. Allianz Life, an insurance company, reported that the personal data of about 1.5 million individuals was compromised following a security incident at an unnamed third-party customer relationship management (CRM) provider. The exposed information includes names, addresses, dates of birth, and Social Security numbers belonging to customers, staff, and financial professionals associated with Allianz. The company notified affected individuals through letters and reported the incident to the Maine Attorney General's Office, emphasizing the breadth of the data accessed. In parallel, Canadian airline WestJet disclosed that a cyberattack in June, allegedly carried out by the Scattered Spider group, resulted in the exposure of data for 1.2 million Americans. The breach affected WestJet’s online services and mobile app, prompting the airline to urge customers and staff to exercise additional caution. The compromised data at WestJet may include names, contact details, reservation information, and documents related to travel, though the airline assured that credit card numbers, CVV codes, and user passwords were not affected. WestJet also stated that the safety and integrity of its operations were never at risk during the incident. Both companies have faced scrutiny over the handling of sensitive personal information and the adequacy of their security measures, particularly in the context of third-party service providers. The incidents highlight the persistent risks associated with supply chain vulnerabilities and the growing trend of attackers targeting service providers to access large volumes of data. Regulatory authorities, such as the FTC and state attorneys general, are closely monitoring these breaches, and affected organizations are under pressure to improve their incident response and notification processes. The breaches underscore the importance of robust third-party risk management and the need for organizations to maintain transparency with customers following security incidents. As the number of large-scale data breaches continues to rise, these cases serve as a reminder of the critical need for comprehensive cybersecurity strategies and proactive defense measures across all sectors.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
The U.S. Federal Trade Commission filed a lawsuit against Sendit alleging improper collection of children's data. The action was reported as part of a broader breach and privacy roundup.
A wave of data breach disclosures affecting North America was reported, with roughly 3.7 million notification letters expected to be sent to affected individuals. The references indicate a broad set of breach notifications rather than a single incident.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.