Farmers' Insurance discloses data breach affecting 1 million customers

Farmers Insurance has confirmed it was hit by a data breach that exposed the personal information of more than 1 million policyholders after a third-party cyberattack. The incident, linked by some outlets to the recent string of Salesforce-related hacks, involved a vishing scam that gave attackers unauthorized access to sensitive records.

The company disclosed that it first learned of the breach on May 30, when a third-party vendor flagged suspicious activity in its systems. Farmers brought in outside data-security experts to investigate, and on Aug. 22, began sending notices to impacted customers.

According to Farmers, the compromised data includes names, addresses, dates of birth, driver’s license numbers, and in some cases, the last four digits of Social Security numbers. Reports indicate that around 1,111,386 people were affected across 10 states: California, Washington D.C., Iowa, Maryland, Massachusetts, New York, New Mexico, North Carolina, Oregon, and Rhode Island.

In a statement to Mashable, a spokesperson for Farmers' Insurance had this to say:

At Farmers, protecting our customers’ information is our top priority. We recently discovered that an unauthorized third party briefly accessed a vendor’s system that contained some Farmers’ customer information. The incident involved only limited information from certain customers. 

An investigation — conducted with both internal and external security experts — found no evidence that the exposed data has been misused, nor any indication that Farmers’ own systems were compromised. We are contacting affected individuals directly and are providing support resources, including complimentary credit monitoring. 

Farmers Insurance is part of the Zurich Insurance Group and reported $2.2 billion in profits last year. Zurich is one of the largest insurers in the world and reported $7.8 billion in operating profit in 2024 alone. According to Bleeping Computer, the stolen data was part of the widespread Salesforce data theft campaign that has rippled through multiple organizations this year, exposing sensitive information across industries.