There are two types of companies: those that have experienced a cyber-attack and those that will.
The recent Allianz Life incident serves as a stark reminder that even major enterprises aren’t immune to sophisticated attacks. As Salesforce customers, we share a collective responsibility to strengthen our security defenses and maintain brand trust through proactive protection.
Cyberattacks aren’t just a security threat: they erode client trust through breached and stolen data, and they bring legal fees and damage to company reputation. While headlines focus on tech giants and Fortune 500 breaches, the stark reality is that global organizations of all sizes face average losses of $4.88 million per data breach – a 10% increase over last year and the highest total ever.
How Hackers Stole 2.8 Million Records Through One OAuth Trick
On July 16th, cybercriminal groups ShinyHunters, Scattered Spider, and Lapsus$ successfully breached Salesforce instances at Allianz Life through sophisticated social engineering attacks. The attackers tricked employees into linking a malicious OAuth app with the company’s Salesforce instance, then used this connection to download complete databases containing sensitive data from 1.4 million customers.
The attackers leaked 2.8 million records through a public Telegram channel called “ScatteredLapsuSp1d3rHunters.”³ The records came from the Salesforce “Accounts” and “Contacts” database tables and contained names, addresses, phone numbers, dates of birth, Tax Identification Numbers, Social Security Numbers, and professional details like licenses and firm affiliations. BleepingComputer confirmed the accuracy of the leaked data by verifying multiple individuals’ information contained in the database.
This wasn’t a random attack. In a direct statement to BleepingComputer, ShinyHunters confirmed that “ShinyHunters and Scattered Spider are one and the same,” explaining “They provide us with initial access and we conduct the dump and exfiltration of the Salesforce CRM instances. Just like we did with Snowflake.” These threat actors are among the most sophisticated groups operating today, having successfully breached major targets including MGM Resorts, Clorox, Google, Cisco, Internet Archive, Pearson, and Coinbase.
Organizations take an average of 194-204 days to identify a data breach and 64-73 days to contain it. For financial services companies like Allianz, breach costs average $6.08 million – 22% higher than the global average.
$164 Per Record Lost Plus $336,000 Per Hour Downtime
The immediate financial blow starts at $164 per stolen record according to IBM’s latest research. With cybercriminals stealing 168 records per second and breaches taking an average of 206 days to detect, a typical organization loses 1.2 million records during a single incident.
System downtime compounds these costs dramatically. Gartner reports IT downtime costs organizations $5,600 per minute – approximately $336,000 per hour, with some industries facing losses up to $30 million per hour. Most organizations experience system outages lasting 5-20 days, with ransomware attacks typically causing the longest disruptions.
70% of Customers Will Leave After a Breach
Potential $7+ Billion in CCPA Fines Alone
With 2.8 million records containing Social Security Numbers, Allianz faces potentially devastating regulatory penalties. Under the updated 2025 CCPA thresholds, maximum fines reach $2,663 per violation, with intentional violations or those involving minors escalating to $7,988 per violation. If regulators determine the violations were intentional, potential administrative fines alone could exceed $7+ billion.
Legal defense costs accumulate rapidly, with attorney fees averaging $1,000 per hour during breach response. Class action lawsuits amplify these expenses – Home Depot paid $15.3 million in legal fees following their breach. Highly regulated industries face average legal costs of $2.3 million, while other sectors typically incur around $1 million in legal expenses.
5 Critical Actions You Can Take Right Now
1. Audit your Salesforce security configurations – Review user permissions, API access, and ensure multi-factor authentication is enforced across all admin and user accounts. Pay special attention to OAuth app connections and implement strict approval processes for third-party integrations.
2. Implement comprehensive monitoring – Deploy real-time threat detection and anomaly monitoring specifically designed for Salesforce environments to catch suspicious activity before data exfiltration occurs, including monitoring for unusual OAuth app installations.
3. Secure your integrations – Examine all third-party apps, APIs, and data connections to your Salesforce instance, removing unnecessary access and hardening remaining connections. Be especially vigilant about social engineering attempts targeting OAuth permissions.
4. Establish incident response protocols – Develop and regularly test breach response procedures that include immediate containment, forensic analysis, and customer communication strategies. Include specific protocols for revoking OAuth access and isolating compromised instances.
5. Conduct regular security assessments – Perform penetration testing and vulnerability scans of your Salesforce environment, treating security as an ongoing process rather than a one-time setup. Include social engineering awareness training to prevent OAuth manipulation attacks.
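One way to run the OAuth connection audit described in the actions above, as an added example that is not Salesforce or EzProtect code: it reviews an exported list of connected-app authorizations against an approved-app allowlist and ranks the grants to look at first. The record fields, app names, users, dates, and allowlist are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: one row per (user, connected app) OAuth authorization,
# as might be exported from the org. Field names are assumptions.
GRANTS = [
    {"app": "Data Loader", "user": "ops@example.com", "created": "2025-01-10T09:00:00+00:00"},
    {"app": "Data Loader", "user": "admin@example.com", "created": "2025-02-01T09:00:00+00:00"},
    {"app": "data-loader", "user": "sales1@example.com", "created": "2025-07-16T14:05:00+00:00"},
    {"app": "Report Helper", "user": "sales2@example.com", "created": "2025-03-01T10:00:00+00:00"},
    {"app": "Report Helper", "user": "sales3@example.com", "created": "2025-03-02T10:00:00+00:00"},
]
APPROVED_APPS = {"Data Loader"}                    # hypothetical allowlist
NOW = datetime(2025, 7, 20, tzinfo=timezone.utc)   # fixed "now" for the sample


def _norm(name):
    # Compare names case-insensitively, ignoring spaces and punctuation.
    return "".join(ch for ch in name.casefold() if ch.isalnum())


def review_grants(grants, approved, now, recent_days=7):
    """Return (app, user, reasons) for every grant that needs review."""
    approved_norm = {_norm(a) for a in approved}
    users_per_app = {}
    for g in grants:
        users_per_app.setdefault(g["app"], set()).add(g["user"])

    findings = []
    for g in grants:
        if g["app"] in approved:
            continue  # exact match with an approved integration
        # A name that only resembles an approved app is worse than an unknown one.
        if _norm(g["app"]) in approved_norm:
            reasons = ["lookalike-of-approved-app"]
        else:
            reasons = ["unapproved-app"]
        age = now - datetime.fromisoformat(g["created"])
        if age <= timedelta(days=recent_days):
            reasons.append("recently-authorized")
        if len(users_per_app[g["app"]]) == 1:
            reasons.append("single-user-grant")
        findings.append((g["app"], g["user"], reasons))
    # Grants with the most reasons are the first candidates for revocation.
    return sorted(findings, key=lambda f: -len(f[2]))


if __name__ == "__main__":
    for app, user, reasons in review_grants(GRANTS, APPROVED_APPS, NOW):
        print(f"{app!r} authorized by {user}: {', '.join(reasons)}")
```

Matching on display name alone is weak evidence, so a grant that passes this check still deserves a periodic review of who authorized it and what scopes it holds.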
Don’t Let Brand Trust Bias Make Your Org the Next Headline
Don’t let your organization become the next headline. The Allianz Life breach specifically targeted Salesforce instances, the same platform powering your critical business operations and customer data, using the same OAuth manipulation techniques that compromised major enterprises worldwide.
Industry averages tell only part of the story. Your organization’s specific risk profile and potential losses require immediate quantification. Use our Cyberattack Cost Calculator to generate a customized financial impact report based on your organization’s data, customer base, and industry. Once completed, you’ll be equipped to present a compelling business case for cybersecurity investments to your board and executive teams.
Explore our EzProtect Salesforce security resources today to discover enterprise-grade security solutions designed specifically for the Salesforce ecosystem. Our comprehensive protection suite helps organizations like yours detect threats, prevent breaches, and maintain the trust your customers place in you.
Get Your Salesforce Security Assessment
Contact our EzProtect team today for a free security assessment that bridges the critical gaps in the shared responsibility model—including comprehensive scanning of files and static resources that Salesforce doesn’t provide. Our expert team will deliver a customized 3-step action plan to strengthen your security posture and prevent your organization from becoming tomorrow’s headline.