Farmers Insurance Says Breach Tied to Salesforce Exposes 1.1 Million Customers

Farmers Insurance said a cyber-intrusion at a third-party vendor exposed personal data on about 1.11 million current and former policyholders, according to notices filed with the Maine Attorney General’s office. The insurer learned of suspicious activity on May 30 after the vendor detected unauthorized access to its database the previous day. Farmers began sending notification letters on Aug. 22 and is offering two years of free identity-protection services to those affected. Stolen information includes names, postal addresses, dates of birth, driver’s-license numbers and, in some cases, the last four digits of customers’ Social Security numbers. The company said no core insurance systems were breached but urged customers to monitor accounts for signs of fraud. Cyber-security researchers and industry reports indicate the incident is part of a broader campaign targeting corporate Salesforce customer-relationship-management instances. The campaign, attributed to the ShinyHunters group also tracked as UNC6040, uses social-engineering and malicious OAuth applications to siphon data before issuing extortion demands. Google, Cisco and other large firms have reported related activity in recent months. Separately, Aflac told regulators it, too, had experienced a data incident linked to a service provider. Both disclosures add to a growing list of companies caught in the Salesforce-related supply-chain attacks, underscoring the risks of relying on third-party platforms for sensitive customer information.