Another class action has landed at the doorstep of Allianz Life Insurance Company of North America, intensifying scrutiny of the insurer’s handling of a July 2025 data breach that allegedly exposed the sensitive information of more than a million customers and financial professionals.
Filed August 1 in the United States District Court for the District of Minnesota, the latest lawsuit comes from plaintiffs Cheryl Marotta of Massachusetts and David Werner of Missouri. Both are Allianz customers who, according to the complaint, are bringing the action on behalf of themselves and all others similarly situated. Their suit follows a similar complaint filed days earlier by another plaintiff, as previously reported by Insurance Business-US.
The complaint alleges that on or around July 16, 2025, a malicious actor gained unauthorized access to a third-party, cloud-based customer relationship management system used by Allianz Life Insurance Company of North America. The filing states that the “threat actor was able to obtain personally identifiable data related to a majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique.” The complaint references public reports that Allianz Life has approximately 1.4 million customers.
According to the complaint, the stolen data included names, addresses, phone numbers, dates of birth, Social Security numbers, other government-issued ID numbers, financial account and banking information, protected health information, and, for employees, other employment-related details. The plaintiffs allege that Allianz failed to implement adequate systems and procedures for maintaining, safeguarding, and protecting this sensitive information, and that the data was stored in a single database and in an unencrypted format.
The complaint further claims that, as a result of the breach, Marotta experienced suspicious activity including receiving an email from an unfamiliar address notifying her that her credit card was going to be charged, as well as an increase in spam calls and text messages. Werner claims to have spent time monitoring his accounts for fraud and fielding spam phone calls and emails.
The lawsuit seeks damages, restitution, and injunctive relief for the class, including improvements to Allianz’s data-security systems, future annual audits, and adequate credit-monitoring services funded by Allianz. The complaint alleges that Allianz’s practices failed to meet standards established by its own data-security and privacy policies, as well as industry standards such as the NIST Cybersecurity Framework and the Center for Internet Security’s Critical Security Controls. The complaint also cites the Federal Trade Commission Act, 15 U.S.C. § 45, as a basis for its claims.
No specific insurance policy clauses are discussed in the complaint. The filing states that plaintiffs and class members provided their sensitive information to Allianz with the understanding that it would be protected, and that Allianz failed to fulfill this obligation.
The complaint raises questions regarding Allianz’s responsibility, the timeliness of its notification to affected individuals, and whether its data protection measures were “reasonable” under industry standards.
All claims in this new filing are allegations and have not been tested in court.
