U.S. insurance coverage big Farmers Insurance coverage has disclosed an information breach impacting 1.1 million clients, with BleepingComputer studying that the info was stolen within the widespread Salesforce assaults.
Farmers Insurance coverage is a U.S.-based insurer that gives auto, dwelling, life, and enterprise insurance coverage merchandise. It operates via a community of brokers and subsidiaries, serving greater than 10 million households nationwide.
The corporate disclosed the info breach in an advisory on its web site, saying that its database at a third-party vendor was breached on Might 29, 2025.
“On Might 30, 2025, certainly one of Farmers’ third-party distributors alerted Farmers to suspicious exercise involving an unauthorized actor accessing one of many vendor’s databases containing Farmers buyer data (the “Incident”),” reads the knowledge breach notification on its web site.
“The third-party vendor had monitoring instruments in place, which allowed the seller to shortly detect the exercise and take applicable containment measures, together with blocking the unauthorized actor. After studying of the exercise, Farmers instantly launched a complete investigation to find out the character and scope of the Incident and notified applicable legislation enforcement authorities.”
The corporate says that its investigation decided that clients’Â names, addresses, dates of start, driver’s license numbers, and/or final 4 digits of Social Safety numbers have been stolen in the course of the breach.
Farmers started sending knowledge breach notifications to impacted people on August 22, with a pattern notification [1, 2] shared with the Maine Lawyer Basic’s Workplace, stating {that a} mixed whole of 1,111,386 clients have been impacted.
Whereas Farmers didn’t disclose the title of the third-party vendor, BleepingComputer has realized that the info was stolen within the widespread Salesforce knowledge theft assaults which have impacted quite a few organizations this yr.
BleepingComputer contacted Farmers with further questions concerning the breach and can replace the story if we obtain a response.
The Salesforce knowledge theft assaults
Because the starting of the yr, menace actors categorised as ‘UNC6040’ or ‘UNC6240’ have been conducting social engineering assaults on Salesforce clients.
Throughout these assaults, menace actors conduct voice phishing (vishing) to trick staff into linking a malicious OAuth app with their firm’s Salesforce cases.
As soon as linked, the menace actors used the connection to obtain and steal the databases, which have been then used to extort the corporate via e mail.
The extortion calls for come from the ShinyHunters cybercrime group, who instructed BleepingComputer that the assaults contain a number of overlapping menace teams, with every group dealing with particular duties to breach Salesforce cases and steal knowledge.
“Like we’ve got stated repeatedly already, ShinyHunters and Scattered Spider are one and the identical,” ShinyHunters instructed BleepingComputer.
“They supply us with preliminary entry and we conduct the dump and exfiltration of the Salesforce CRM cases. Similar to we did with Snowflake.”
Different corporations impacted in these assaults embody Google, Cisco, Workday, Adidas, Qantas, Allianz Life, and the LVMH subsidiaries Louis Vuitton, Dior, and Tiffany & Co.
Â
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and knowledge exfiltration developments.
