Farmers Insurance’s review found that certain personal information related to a select population of its customers was subject to unauthorized access and acquisition.
Insurance company Farmers Insurance disclosed on Monday a security incident that may have resulted in the compromise of personal information for certain individuals.
The disclosure made on the insurer’s website said, “On May 30, 2025, one of Farmers’ third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor’s databases containing Farmers’ customer information.”
Cybersecurity news site BleepingComputer reported that the data breach affected 1.1 million Farmers Insurance customers and that the data was stolen in a widespread Salesforce attack.
On Stocktwits, retail sentiment toward Salesforce stock remained ‘bearish’ (43/100) by late Monday, and the message volume on the stream continued to be ‘low.’
Salesforce stock has lost over 25% of its value so far this year.
Farmers Insurance, a nearly century-old company, offers insurance coverage for home, auto, life, business, recreational vehicles, and more. It has more than 48,000 exclusive agents and about 21,000 employees. It currently serves more than 10 million households, with over 19 million individual insurance policies, across all 50 states.
“The third-party vendor had monitoring tools in place, which allowed the vendor to quickly detect the activity and take appropriate containment measures, including blocking the unauthorized actor,” Farmers Insurance said.
“After learning of the activity, Farmers immediately launched a comprehensive investigation to determine the nature and scope of the Incident and notified appropriate law enforcement authorities.”
The review found that certain personal information related to a select population of its customers, such as “name, address, date of birth, driver’s license number, and/or last four digits of Social Security number,” was subject to unauthorized access and acquisition.
Farmers Insurance began sending written notices to the affected individuals on or around Aug. 22.
The BleepingComputer report stated that Salesforce customers have been facing attacks from threat actors dubbed “UNC6040” and “UNC6240” since the beginning of the year. These threat actors conduct voice phishing to “trick employees into linking a malicious OAuth app with their company’s Salesforce instances.”
They then gain access to the database, steal information, and use it to extort the company through email.
The report said other companies impacted by the attacks included Google, Cisco, Workday, Adidas, Qantas, Allianze Life, and LVMH.
For updates and corrections, email newsroom[at]stocktwits[dot]com.<