Farmers Insurance suffered a breach tied to Salesforce attacks, exposing data of 1.1M customers across its nationwide insurance network.Farmers Insurance disclosed a data breach affecting 1,071,172 customers, linked to the recent wave of Salesforce attacks, as per Bleeping Computer. The company is an American insurer group of vehicles, homes and small businesses and also provides other insurance and financial services products. Farmers Insurance has more than 48,000 exclusive and independent agents and approximately 21,000 employees.The security breach occurred on May 29, 2025 and impacted at a third-party vendor. The company quickly detected the suspicious access, mitigated the attack, and launched an investigation into the incident. The company also reported to security breach to relevant authorities.“On May 30, 2025, one of Farmers’ third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor’s databases containing Farmers customer information (the “Incident”),” “The third-party vendor had monitoring tools in place, which allowed the vendor to quickly detect the activity and take appropriate containment measures, including blocking the unauthorized actor. After learning of the activity, Farmers immediately launched a comprehensive investigation to determine the nature and scope of the Incident and notified appropriate law enforcement authorities.”“On May 30, 2025, one of Farmers’ third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor’s databases containing Farmers customer information (the “Incident”). The third-party vendor had monitoring tools in place, which allowed the vendor to quickly detect the activity and take appropriate containment measures, including blocking the unauthorized actor. After learning of the activity, Farmers immediately launched a comprehensive investigation to determine the nature and scope of the Incident and notified appropriate law enforcement authorities.” reads the data breach notification letter shared with Maine Attorney General.. “The in-depth investigation determined that an unauthorized actor accessed the vendor’s database on May 29, 2025, and acquired certain data. With the assistance of a third-party data-review expert, Farmers conducted a comprehensive review to determine what data had been accessed and acquired, whether the data contained personal information, and to whom the personal information belonged. On July 24, 2025, the review determined that some of your personal information was subject to unauthorized access and acquisition.”Compromised information includes customers’ names, addresses, dates of birth, driver’s license numbers, and/or last four digits of Social Security numbers.Since early 2025, hackers known as UNC6040/UNC6240 have been targeting Salesforce users with phone scams, tricking employees into connecting malicious apps to their company accounts. This access lets them steal customer databases, later used for extortion. The attacks are linked to ShinyHunters and Scattered Spider and have already hit major firms like Google, Cisco, Adidas, Qantas, and Allianz.Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, data breach)