The week in breach news

United States

Allianz Life

Allianz Life Insurance Company of North America confirmed a major data breach affecting the personal information of the majority of its 1.4 million U.S. customers.

The breach, discovered on July 17, was traced back to a cyberattack the previous day. According to the company, the attacker used social engineering tactics to infiltrate an unspecified third-party, cloud-based CRM platform used by Allianz Life.

In addition to customer data, the breach exposed information related to financial professionals and a number of Allianz Life employees. The company emphasized that its internal systems were not compromised.

This incident impacts only Allianz Life’s U.S. operations and does not extend to other parts of the global Allianz Group.

Allianz Life is currently investigating the breach and working with cybersecurity experts to assess the full scope and secure affected systems.

United States

Tea

Tea, the app designed to let women anonymously discuss the men they’re dating, confirmed a significant data breach that exposed approximately 72,000 private user images.

The company disclosed that hackers gained unauthorized access to one of its data storage systems. In total, about 13,000 selfies and photo IDs users submitted to verify their identities were leaked, along with an additional 59,000 images that were already publicly viewable on the platform. No phone numbers or email addresses were compromised.

According to Tea, the breach affects only those who signed up for the app before February 2024. The incident stemmed from a vulnerability tied to an old identifier link.

Tea has not yet disclosed how many users were directly impacted. They said they are working to strengthen data protections and notify affected individuals.

European Union

France Travail

France Travail, the French national public employment agency, has suffered another data breach, this time exposing hundreds of thousands of workers.

Attackers allegedly accessed the personal details of numerous job seekers via the employment portal used by a France Travail partner.

According to the French National Agency for the Security of Information Systems (ANSSI), attackers accessed the data through Kairos, an app that monitors job seekers’ training progress.

An estimated 340,000 individuals had data exposed. Attackers may have accessed job seekers’ names, postal addresses, email addresses, phone numbers and France Travail ID numbers.

In March 2024, France Travail suffered from a much larger data breach that exposed 43 million individuals, or over two-thirds of the European nation’s total population.

United States

Crumbl

Popular dessert chain Crumbl Cookies reportedly become the latest victim of the Everest ransomware group, which is threatening to leak sensitive data on over 29,000 employees unless the company makes contact within the week.

The threat was posted on Everest’s dark web leak site, where the group shared file samples allegedly from Crumbl’s employee database, including store ID numbers, employee user IDs, corporate vs. franchise designations and FCM authentication token IDs.

In a twist on typical ransomware tactics, the gang did not leave the usual plaintext ransom note. Instead, they claim to have left a voice message for Crumbl’s incident response team and posted a countdown deadline, urging company representatives to make contact before time runs out.

Crumbl has not yet publicly responded to the claims or confirmed the breach.

United States

Blue Shield of California

Blue Shield of California (BSC) reported a HIPAA breach following unauthorized access to member information linked to a deceased insurance broker.

According to BSC, the incident came to light on May 22, 2025, when the insurer learned that a broker from Harmon Insurance Services passed away. After her death, her husband and another employee of the firm allegedly accessed her online client list and asked another broker to assist those clients. Upon discovery, BSC revoked the login credentials to prevent further access.

The incident impacted 1,543 individuals. A separate breach involving email access reportedly affected an additional 673 individuals.  The potentially exposed data includes names, member ID numbers, Social Security numbers, dates of birth, addresses, phone numbers, group ID numbers and Medicare numbers.

European Union

The AMEOS Group

The AMEOS Group, a leading healthcare provider operating in Austria, Germany and Switzerland, confirmed a cyberattack that recently compromised its IT systems. The breach may have exposed sensitive data belonging to patients, employees and business partners.

The company stated that despite extensive security measures, unauthorized access to its IT infrastructure occurred for a short time. AMEOS has not disclosed the exact timing of the breach, the method of intrusion or whether any ransom demands were issued.

In response, AMEOS says it swiftly disconnected all internal and external networks and shut down affected systems. IT and forensic experts were brought in to analyze the incident which remains under investigation.

European Union

Naval Group

France’s largest shipbuilder, Naval Group, was hit by a cyberattack that could have national security implications for France. The company, which plays a central role in France’s defense industry, is reportedly being extorted by a hacker group threatening to leak sensitive military data.

The attackers claimed to have accessed highly sensitive materials, including source code for combat management systems used in French submarines and frigates. Unlike typical cybercriminals who attempt to sell stolen data, the threat actors appear to be using it solely for extortion.

The attackers posted examples of contracts and internal documents to bolster their claims. Researchers say the materials appear authentic. The leaked files allegedly include source code powering military CMS platforms, internal network data, technical documentation with varying classification levels, access to developer virtual machines, confidential communications and multimedia files, including what appears to be submarine monitoring footage (although timestamped from 2003).

Naval Group has not yet publicly confirmed the breach or commented on the authenticity of the data. The incident raises major concerns given the organization’s involvement in advanced naval defense technologies, including nuclear-powered submarines.