Another Salesforce Data Breach? Farmers Insurance Hack Affects 1.1M Customers
by: Tom M
Below post content copied from Salesforce News | Salesforce Ben
**Summary of the Farmers Insurance Data Breach:** Farmers Insurance has announced a significant data breach that has affected approximately 1.1 million customers. The breach is believed to be tied to a broader social engineering campaign associated with Salesforce, although Salesforce maintains that their platform itself was not compromised. Key details from the incident include:

- Sensitive information such as names, addresses, dates of birth, driver's license numbers, and the last four digits of Social Security numbers were exposed.
- The breach reportedly occurred through a third-party vendor on May 29, 2025, but the vendor's identity has not been disclosed.
- The hacking group known as ShinyHunters is linked to this wave of attacks, which have targeted other major companies like Adidas and Google.
- Farmers Insurance stated that they took immediate action upon discovering the breach and have informed law enforcement.

Salesforce has recently enhanced security measures for connected applications in response to these attacks, but they emphasize that the issue originates from social engineering, rather than vulnerabilities in their platform.

**Additional Context:** The ongoing threat of social engineering attacks highlights the importance of robust cybersecurity practices, particularly in how companies manage access to their applications. Salesforce and other businesses are urged to regularly audit connected apps, set strict permissions, and train employees to recognize phishing threats.
Farmers Insurance has disclosed a data breach that has impacted 1.1M customers – with the attack reportedly linked to the ongoing Salesforce customer social engineering campaign.
The company said that its investigation found that the names, addresses, dates of birth, driver’s license numbers, and/or last four digits of Social Security numbers of customers were stolen in the incident, according to BleepingComputer.
At the time of writing, 4.37AM EST (9.37AM UK time), the US-based insurance giant’s website, farmers.com, was unavailable, but reports say the company had disclosed the incident in an advisory saying that its database at a third-party vendor had been breached on May 29, 2025.
The name of the third-party vendor was not disclosed, but BleepingComputer is linking the incident to the widespread Salesforce data theft attacks, which have affected a number of big-name businesses.
The well-known hacking group ShinyHunters, aka UNC6240, has been said to be behind the wave of social engineering attacks. Many businesses affected by incidents that bear the hallmarks of the campaign do not name Salesforce directly, instead opting for phrasing like “third-party CRM”. Subsequent reporting often reveals the incidents to be Salesforce-related, though the cloud giant has said that its own platform has not been compromised.
SF Ben note: The potential for compromised connected apps in Salesforce orgs is ongoing. We at Salesforce Ben strongly recommend that all admins and org owners prioritize auditing the connected apps currently in use in their orgs. This includes identifying the origin of all connected apps, removing any unused or unknown apps, setting permissions for access to remaining apps, and removing the ability for any user to add connected apps without approval. We’ve published an article to help.

Farmers Insurance Hacked
Data Breach Notifications, shared with the Maine Attorney General’s Office, reveal that more than 1.1M customers have been impacted by the Farmers Insurance incident.
Farmers Insurance, which provides home, life, and car insurance, reportedly said in its data breach notification: “On May 30, 2025, one of Farmers’ third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor’s databases containing Farmers’ customer information (the “Incident”).
“The third-party vendor had monitoring tools in place, which allowed the vendor to quickly detect the activity and take appropriate containment measures, including blocking the unauthorized actor. After learning of the activity, Farmers immediately launched a comprehensive investigation to determine the nature and scope of the Incident and notified appropriate law enforcement authorities.”
The company, which operates through a network of subsidiaries, serves more than 10M households across the United States.
Salesforce Data Theft Campaign
While details of the precise nature of the Farmers Insurance incident are currently scarce, as it has only just been revealed, an “unauthorized actor” accessing a database containing customer information appears to point towards the ongoing Salesforce social engineering attacks.
Adidas, Chanel, Google, and Workday are reported to be among those targeted in the campaign.
In an advisory statement published on August 7, Salesforce stressed that its own platform had not been compromised, and the issue was “not due to any known vulnerability” in its technology.
Nearly two weeks later, Salesforce Ben reported how the cloud giant was strengthening security measures around the use of connected apps. These appeared to be direct countermeasures against the social engineering attacks, which involve victims downloading a malicious replica of Data Loader.
In a blog post titled ‘Prepare for Connected App Usage Restrictions Change’, published on August 18, Salesforce said it would be restricting the use of “uninstalled connected apps”, blocking end users from using them.
The update will prevent non-admin users from authorizing newly uninstalled connected apps.
As we wrote when the new countermeasures were revealed: “Salesforce has made clear that their own platform is not the issue, but nonetheless it is their customers who are being targeted in these attacks, so it makes sense they are taking measures to protect them.
“These mitigations are welcome. But this doesn’t change any of the exposure to phishing or social engineering. Should an admin – or any user with necessary permissions – be convinced by an external actor to enter their credentials and authorize a connected application, the fundamental risk is no different, so admins and org owners should be trained to look for these attacks going forward.”
Salesforce Ben has contacted Farmers Insurance for comment.
Final Thoughts
The ongoing campaign of data theft incidents is hardly encouraging news for those of us in the Salesforce ecosystem.
The cloud giant appears to be doing all it can to strengthen security amid the breaches, but, from what we know so far, the social engineering incidents are succeeding primarily due to human error, not any particular vulnerability in the Salesforce platform, so there’s only so much the mothership can do to help.
Stay tuned to Salesforce Ben for more news about the social engineering campaign.
The post Another Salesforce Data Breach? Farmers Insurance Hack Affects 1.1M Customers appeared first on Salesforce Ben.
August 26, 2025 at 04:15PM