Farmers Insurance Data Breach Affects 1.1 Million Individuals Following Salesforce Cyberattack

Farmers Insurance, a prominent U.S.-based insurer, has reported a significant data breach affecting approximately 1.1 million customers. The breach was linked to extensive attacks on Salesforce, a third-party vendor that Farmers uses for customer data management. The incident occurred on May 29, 2025, when Farmers was alerted to suspicious activity involving unauthorised access to its customer information database. Following the alert, the vendor’s monitoring tools enabled a swift response, which included blocking the unauthorised actor and initiating a thorough investigation. The investigation revealed that sensitive customer data, including names, addresses, dates of birth, driver’s licence numbers, and the last four digits of Social Security numbers, had been compromised.

Farmers Insurance began notifying affected individuals on August 22, 2025, with a total of 1,111,386 customers impacted by the breach. Although the company did not disclose the name of the third-party vendor, it was confirmed that the data theft was part of a broader series of attacks targeting Salesforce customers. Cybercriminals, identified as ‘UNC6040’ and ‘UNC6240’, have been executing social engineering tactics, including voice phishing, to manipulate employees into linking malicious applications to their Salesforce accounts. This connection allowed the attackers to download and exfiltrate sensitive databases, which were subsequently used for extortion purposes. The ShinyHunters cybercrime group has claimed responsibility for these attacks, indicating a coordinated effort among various threat groups to exploit Salesforce systems. 

Categories: Data Breach, Cybersecurity Threats, Third-Party Vendor Security 

Tags: Farmers Insurance, Data Breach, Customers, Salesforce, Unauthorized Access, Third-Party Vendor, Social Engineering, Vishing, Cybercrime, Extortion