Salesforce and Farmers Insurance: Over a Million Records Stolen in Latest CRM Breach After Google & Workday Incidents

Salesforce Customer Farmers Insurance Hit by Major Data Breach Affecting 1.1 Million

Farmers Insurance, a U.S.-based insurance provider, confirmed a data breach impacting 1.1 million customers after an unauthorized actor accessed a third-party database in May 2024. The exposed data included names, addresses, birth dates, driver’s license details, and partial Social Security numbers.

The company detected the incident shortly after the intrusion and launched an investigation, notifying law enforcement. Affected individuals were informed on August 22, with regulators confirming the total number of impacted records.

While Farmers Insurance did not disclose the compromised vendor, reports from Bleeping Computer indicate the breach involved Salesforce, a frequent target of cybercriminal groups. ShinyHunters, in collaboration with Scattered Spider, claimed responsibility, stating they exploited initial access provided by Scattered Spider to exfiltrate data from Salesforce CRM instances—similar to their recent attacks on Google (2.5M records) and suspected breaches at Workday, Qantas, Allianz Life, and Adidas.

The attackers used social engineering tactics, tricking employees into approving malicious OAuth apps to gain access to Salesforce systems. This method highlights the growing threat to CRM platforms, which store vast amounts of sensitive data and are increasingly targeted due to their high-value information.

Cybersecurity experts noted that the breach underscores vulnerabilities in third-party supply chains, emphasizing the need for continuous vendor risk assessments, zero-trust security models, and proactive monitoring to mitigate similar attacks. The incident also reinforces concerns about human-driven exploits as a primary attack vector, even in otherwise secure enterprise systems.

Source: https://www.cxtoday.com/crm/over-a-million-records-stolen-in-latest-crm-breach-after-google-workday-incidents/

Salesforce cybersecurity rating report: https://www.rankiteo.com/company/salesforce

Farmers Insurance Group cybersecurity rating report: https://www.rankiteo.com/company/farmersinsurance-group

"id": "SALFAR1767922939",
"linkid": "salesforce, farmersinsurance-group",
"type": "Vulnerability",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '1,111,386',
                        'industry': 'Insurance',
                        'location': 'United States',
                        'name': 'Farmers Insurance',
                        'type': 'Insurance Provider'}],
 'attack_vector': 'Social Engineering (Rogue OAuth App)',
 'customer_advisories': 'Affected customers were notified on August 22, 2024, '
                        'regarding the exposure of their personal information.',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '1,111,386',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Addresses',
                                              'Birth Dates',
                                              'Driver’s License Information',
                                              'Fragments of Social Security '
                                              'Numbers']},
 'date_detected': 'May 2024',
 'date_publicly_disclosed': 'August 22, 2024',
 'description': 'Farmers Insurance, a U.S.-based insurance provider, was the '
                'victim of a significant data breach affecting 1.1 million '
                'customers. An unauthorized actor gained access to a '
                'third-party database containing sensitive customer '
                'information, including names, addresses, birth dates, '
                'driver’s license information, and fragments of Social '
                'Security numbers. The breach was attributed to the cybercrime '
                'groups ShinyHunters and Scattered Spider, who exploited a '
                'rogue OAuth app via social engineering to infiltrate '
                'Salesforce CRM systems.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '1,111,386 records',
            'identity_theft_risk': 'High',
            'systems_affected': 'Third-party Salesforce CRM database'},
 'initial_access_broker': {'entry_point': 'Rogue OAuth app via social '
                                          'engineering',
                           'high_value_targets': 'Salesforce CRM instances'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The breach highlights the risks of third-party vendor '
                    'vulnerabilities, particularly in CRM systems like '
                    'Salesforce. Social engineering remains a primary attack '
                    'vector, emphasizing the need for robust vendor risk '
                    'management, zero-trust security models, and ongoing '
                    'security awareness training. Organizations must also '
                    'ensure isolation, token rotation, and IP allowlists for '
                    'third-party integrations.',
 'motivation': 'Data Exfiltration and Extortion',
 'post_incident_analysis': {'corrective_actions': 'Enhance vendor risk '
                                                  'management, implement '
                                                  'zero-trust security models, '
                                                  'improve incident response '
                                                  'readiness, and conduct '
                                                  'ongoing security awareness '
                                                  'training.',
                            'root_causes': 'Exploitation of third-party '
                                           'Salesforce CRM integration via '
                                           'social engineering (rogue OAuth '
                                           'app). Lack of sufficient vendor '
                                           'risk management and security '
                                           'controls for third-party access.'},
 'ransomware': {'data_exfiltration': 'Yes'},
 'recommendations': ['Implement robust vendor risk management with ongoing '
                     'scrutiny of third-party connections.',
                     'Adopt zero-trust security models as a standard practice.',
                     'Enhance incident response readiness with rapid detection '
                     'and transparent communication.',
                     'Monitor for fraud on affected datasets and prepare '
                     'regulatory notifications.',
                     'Request confirmation of isolation, token rotation, and '
                     'IP allowlists for shared CRM integrations.',
                     'Treat security awareness as an ongoing discipline to '
                     'mitigate social engineering risks.'],
 'references': [{'source': 'Farmers Insurance Website'},
                {'source': 'Bleeping Computer'}],
 'regulatory_compliance': {'regulatory_notifications': 'Yes'},
 'response': {'communication_strategy': 'Public disclosure on company website, '
                                        'regulator notifications',
              'containment_measures': 'Investigation launched, unauthorized '
                                      'access contained',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes'},
 'stakeholder_advisories': 'Monitor for fraud on affected datasets; prepare '
                           'communications and FAQs for regulators and '
                           'customers.',
 'threat_actor': ['ShinyHunters', 'Scattered Spider'],
 'title': 'Farmers Insurance Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Third-party Salesforce CRM integration'}