Farmers Insurance has reported a data breach affecting the personal information of over 1 million individuals, according to filings with state regulators and a notice on its website.
The insurer, which serves about 10 million households and manages 19 million insurance policies nationwide, disclosed the incident late last week. Farmers Insurance provides a range of products, including auto, property, life, and commercial insurance, and employs approximately 48,000 agents and 21,000 staff members across the United States.
Separate notifications were filed by Farmers New World Life Insurance and its parent company, Farmers Group, a subsidiary of Zurich Insurance Group. The notification from Farmers New World Life Insurance to the Maine Attorney General’s Office listed 40,000 affected individuals.
A separate filing from Farmers Group, submitted on behalf of Farmers Insurance Exchange and its subsidiaries and affiliates, reported that 1,071,172 people were impacted.
According to the notifications, Farmers Insurance was not the direct target of a cyberattack. Instead, the company was informed by a third-party vendor on May 30 that unauthorized access had occurred to a database containing Farmers customer information. The investigation determined that the attacker accessed and exfiltrated certain data a day before the breach was discovered.
A security incident notice posted on the Farmers Insurance website stated that the compromised data included names, addresses, dates of birth, driver’s license numbers, and the last four digits of Social Security numbers. The notification samples provided to state authorities were redacted.
The breach at Farmers Insurance occurred during a period of heightened cyber activity in the insurance sector. Between May and June, several other major insurance companies, including Aflac, Erie Insurance, and Philadelphia Insurance Companies, also reported cyber incidents.
It remains unclear whether the third-party vendor was the victim of a ransomware attack. Farmers Insurance has not identified the vendor involved, and it is not confirmed if the vendor’s name has appeared on any ransomware leak sites.
“We take the privacy and security of our customers’ information seriously and are working with law enforcement and cybersecurity experts as part of our response,” the company said in its statement. Farmers Insurance is offering support to those affected and has notified relevant authorities as required by law.
Similarly, Gallagher reached a $21 million settlement following a 2020 data breach that exposed personal identifiable information of millions of individuals.
What are your thoughts on this story? Please feel free to share your comments below.
