Farmers Insurance has confirmed a significant data breach that has affected 1.1 million of its customers. The breach occurred when hackers exploited a third-party vendor’s Salesforce account, which was part of a broader campaign involving the ShinyHunters group and other affiliated organizations. According to information from BleepingComputer, the attackers stole personal data such as names, birth dates, driver’s license numbers, and partial Social Security numbers.
The company disclosed the breach on its website, stating that the incident was discovered on May 29, 2025, when the third-party vendor detected unauthorized access to its database containing Farmers customer information. The vendor’s monitoring tools allowed for quick detection and containment of the breach, prompting Farmers to launch a comprehensive investigation and notify law enforcement authorities. The company has since begun sending data breach notifications to impacted individuals, with a total of 1,111,386 customers identified as being affected.
While Farmers has not disclosed the name of the third-party vendor, reports suggest the breach is part of ongoing Salesforce data theft attacks that have impacted numerous organizations this year. These attacks have raised concerns about the security of third-party vendors and the integrity of data stored in cloud platforms. As a result, the incident highlights the need for improved cybersecurity measures and greater oversight of third-party service providers in the insurance industry.