Farmers Insurance disclosed a data breach affecting about 1.1 million customers after a third‑party vendor’s database was compromised in a broader wave of Salesforce data theft campaigns. The company said the incident was detected following an alert from the vendor on May 30, 2025, and that Farmers immediately launched an investigation and notified law enforcement.
The breach occurred at a vendor that provides services to Farmers and involved an unauthorized actor accessing the vendor’s database containing Farmers customer information. The vendor’s monitoring tools detected the activity, enabling rapid containment and notification efforts, according to Farmers’ breach advisory.
Faced data exposure included customers’ names, addresses, dates of birth, driver’s license numbers, and/or the last four digits of Social Security numbers, Farmers said. The company began sending data breach notifications to affected individuals on Aug. 22, while state authorities reviewed the scope of the incident.
Maine officials confirmed the scope of impact in published sample notices, which show a combined total of 1,111,386 customers were affected across notices.
The breach is part of the wider Salesforce data theft campaign observed this year, in which threat actors have used social engineering and vishing to induce employees to connect malicious OAuth apps to Salesforce instances. The attackers then exfiltrate databases and attempt to extort victims through email.
Farmers did not publicly name the third‑party vendor involved in the incident. In context, the attack aligns with reporting on a broader campaign that has affected multiple organizations across industries, including large consumer brands and service providers.
For readers seeking related context, a report on the broader Salesforce‑linked data theft is available here.