Paperclip Inc., a leader in advanced data security and content supply-chain solutions, confirmed that encryption-in-use technology could have prevented the exposure of sensitive customer data in the recent Allianz Life Insurance data breach, which impacted over 1.4 million U.S. customers.
Allianz Breach Context: What Happened
On July 16, 2025, Allianz Life Insurance reported a massive data compromise following a social engineering attack that targeted a third-party cloud-based customer relationship management (CRM) system. Attackers were able to extract personally identifiable information (PII), including names, addresses, dates of birth, Social Security numbers, and policy identifiers, putting millions at risk for identity theft and fraud.
Read More on CIO Influence:ย The Road to AI-Native Wireless: Why Traditional RAN Must Evolve
Although Allianz Life Insurance has not publicly disclosed the specific name of the CRM platform affected, multiple sources including Googleโs Threat Intelligence Group (GTIG), Mandiant, and BleepingComputer suggest that Salesforce was likely the targeted system. The breach involved:
- Voice phishing (vishing) attacks manipulating employees into granting access to Salesforce Data Loader.
- Threat actor UNC6040 (aka โThe Com,โ linked to Scattered Spider) targeting Salesforce customers.
- ShinyHunters launching similar campaigns against Salesforce CRM users.
- Court documents referencing attacks on โAccountsโ and โContactsโ tables, common Salesforce objects.
While Allianz has not officially confirmed the affected CRM, the convergence of threat actor activity, techniques, and technical evidence strongly supports the Salesforce conclusion made by the sources named above.
How Paperclip SAFE Would Have Protected Allianzโs Data
Unlike traditional encryption that only secures data at rest and in transit, Paperclip SAFEยฎ encryption-in-use technology keeps data always encrypted, even while being processed or searched. Its unique combination of shredded data, and strong encryption architecture ensures sensitive information remains unintelligible across every phase of its lifecycle.
Key protections SAFE would have provided:
- Against Vendor Compromise: Attackers would have accessed only encrypted, shredded fragments rather than usable plaintext.
- Against Social Engineering: Even with legitimate credentials, any data exports would have remained encrypted and useless.
- Against Supply-Chain Risk: SAFEโs zero-trust design protects data across vendor ecosystems, ensuring third-party environments cannot expose sensitive information.
โThe Allianz breach underscores a critical flaw in todayโs data security stackโonce attackers gain access, they often gain everything,โ said Mike Bridges, President & COO of Paperclip Inc. โWe can confidently state that Paperclip SAFEโs Machine Learning surveillance would have shut down the export after the first thousand records, preventing much of the damage done by this type of breach.โ
Encryption-In-Use: A New Standard for Data Protection
Encryption-in-Use is the ability to perform calculations upon encrypted data while the data remains encrypted. Active, operational data-in-use is the most valuable data an organization relies upon. As demonstrated by the Allianz breach, in-use data remains the primary target for threat-actors globally.
Paperclip SAFE is designed to exceed compliance mandates and align with global regulatory frameworks, including GDPR, NYDFS 500, DORA, and the upcoming NIST post-quantum cryptography standards. Currently deployed by nine of the top ten U.S. life insurance providers, SAFE is rapidly becoming the industry standard for securing sensitive data across financial services, healthcare, and government sectors.
Key Benefits of Paperclip SAFE
- Always Encrypted โ Data remains encrypted at rest, in transit, and in use.
- Zero Trust by Design โ Compartmentalized architecture limits exposure even in vendor environments.
- Seamless Integration โ Works within existing systems without requiring application redesign.
- Regulatory Alignment โ Built to meet and exceed current and future compliance requirements.
- Post-Quantum Resistant โ Crypto-Agile-by-Design (CAbD) creating an environment meeting both todayโs and tomorrowโs threat evolution.
Paperclip is a software technology partner that creates data security and operational efficiencies for some of the largest globally recognized brands worldwide.
Paperclip provides enterprises with the most efficient means of secure document capture, processing, and storage of millions of documents for rapidly growing firms and Fortune 1,000 companies worldwide. Paperclip offers an expansive range of cloud based B2B and B2C solutions that eliminate paper to deliver new possibilities in efficiency, communication, and ROI, each customized to specific industry and business goals.
Catch more CIO Insights: What is Shadow IT and why does it matter for enterprise security?
[To share your insights with us, please write to psen@itechseries.com ]
