Minneapolis-based Allianz Life, a subsidiary of Munich, Germany-based Allianz SE, said the data breach happened on July 16 when a “malicious threat actor” gained access to a third-party, cloud-based system used by the company.

“The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees, using a social engineering technique,” Allianz Life said in a statement. “We took immediate action to contain and mitigate the issue and notified the FBI.”

The company said its own systems were not accessed, just the third-party’s platform.

Allianz Life said its investigation is ongoing and that the company has begun reaching out to the impacted individuals. It said the incident involves only Allianz Life in the U.S., not other Allianz corporate entities.

In the case of data breaches, a “social engineering technique” usually involves using trickery to gain access. Spokesman Brett Weinberg said he couldn’t provide details because they are still investigating.

Allianz Life also reported the breach to multiple other authorities, including the Maine Attorney General’s Office. A filing on the agency’s website said the company discovered the breach the day after it happened, and that it will be offering those affected 24 months of identity theft protection and credit monitoring.

Allianz Life was known as North American Life and Casualty until it was acquired by German conglomerate Allianz SE in 1979 and changed its name to Allianz Life Insurance Company of North America. It has nearly 2,000 employees in U.S., with the majority working in Minnesota, according to its website.

It is one of five North American subsidiaries of the Munich-based global financial services group Allianz SE, which says it serves more than 125 million customers worldwide.