
American insurance giant Farmers Insurance said that the data security incident suffered earlier this year compromised the sensitive personal information of more than 1 million individuals.
Farmers Insurance is a U.S.-based insurer offering auto, home, life, and business insurance through a network of agents and subsidiaries. It serves over 10 million households across the country.
In a data security incident notice filed with the office of the Maine Attorney General, Farmers Insurance said that on May 30 it suffered a data security incident. The breach occurred when an unauthorised threat actor used social engineering techniques to gain access to a vendor platform used by the company to manage customer data.
A social engineering campaign involves threat actors contacting employees, often via text or phone, while impersonating representatives from departments like Human Resources or IT. The goal is to deceive employees into revealing personal information or granting access to their accounts.
The insurance provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.
“The in-depth investigation determined that an unauthorised actor accessed the vendor’s database on May 29, 2025, and acquired certain data. On July 24, 2025, the review determined that certain personal information related to a select population of Farmers customers was subject to unauthorised access and acquisition,” Farmers Insurance said.
The compromised data included names, addresses, dates of birth, driver’s license numbers, and the last four digits of Social Security numbers. The filing with the Maine state regulator’s office also states that the insurance company has identified at least 1,071,172 individuals affected by the incident.
Farmers Insurance has advised all affected individuals to regularly monitor their credit reports and their account and benefit statements, and to report any suspicious activity to law enforcement authorities, including the police and the state attorney general.
It has also offered two years of complimentary identity protection and credit monitoring services through Sontiq to all affected individuals.
In recent months, several companies have fallen victim to data breaches in which threat actors employed social engineering tactics to gain access to vendor platforms used for managing customer data.
A similar incident involving Allianz Life occurred in July, when hackers leaked a database stolen from Allianz Life containing approximately 2.8 million records of individual customers and business partners.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543