Farmers Insurance has confirmed a breach affecting more than 1.07 million customers nationwide.
The intrusion traces to a third-party vendor and links to a broader wave of attacks targeting Salesforce environments. Google, Cisco, Adidas, Qantas, and Allianz have also fallen victim.
The breach began on 29 May. Farmers’ notification explains: “One of Farmers’ third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor’s databases containing Farmers customer information.”
The vendor’s monitoring tools detected the intrusion. The activity was contained. The attacker was blocked.
Farmers moved quickly. “With the assistance of a third-party data-review expert, Farmers conducted a comprehensive review to determine what data had been accessed and acquired, whether the data contained personal information, and to whom the personal information belonged,” the notice reads.
By 24 July the review confirmed customer data had been acquired. Notices were sent on 22 August.
The information exposed includes names, addresses, dates of birth, driver’s license numbers, and the last four digits of Social Security numbers.
Farmers is offering two years of free identity-monitoring services through CyberScout.
The attack is part of a persistent campaign by groups tracked as UNC6040 and UNC6240. Their method is deliberate: phone scams, convincing employees to connect malicious apps to their Salesforce accounts.
Once inside, they extract databases for later extortion. These groups are tied to ShinyHunters and Scattered Spider, known for hitting high-profile targets.
Farmers Insurance, a nationwide network with 48,000 agents and 21,000 employees, contained the breach quickly.
Authorities were notified, but the incident highlights a broader issue. Cloud platforms and third-party vendors remain vulnerable. Detection can be fast. Containment can succeed. Yet exposure is inevitable if vigilance lags even briefly.
Supply Chains Under Attack
Piyush Pandey, CEO at Pathlock, says with the supply chain now a growing target for malicious actors, entities that provide services to large enterprises – and handle regulated sensitive data on their behalf – must ensure appropriate security controls are in place to protect that data from threats.
“One of the key elements to address this is to implement robust access governance, including the ability to detect unauthorized access in real time – so that malicious activity can be identified and shut down before any data is exfiltrated.”
Unfortunately, it is not uncommon for a particular industry sector to suffer from a surge of attacks, or seemingly targeted attacks, in phases of threat actor operations, adds Ben Hutchison, Associate Principal Consultant at Black Duck.
Doubling Down
“They may be considered victims of the moment, as unfortunately, once a particular attack or threat actor group has been successful in compromising a specific target/sector, this can serve as motivation both for others to engage in similar efforts and for the specific threat actor to double down on their efforts and launch attacks against similar targets,” Hutchison says.
“Given the recent rising trend in attacks targeting finance, retail organizations, and the insurance industry, these organizations should treat this data breach as yet another wakeup call to ensure they are prioritizing their cybersecurity and digital resiliency.
Striking a Balance
The repercussions of a large-scale data breach on entities like these extend far beyond the company’s boundaries, comments Geoff Haydon, CEO at Ontinue. “It is imperative for businesses to strike a balance between technological advancement and security. These incidents should serve as a wake-up call for the industry, urging companies to fortify their defenses and foster a culture of cybersecurity awareness, thereby safeguarding their interests.”
Haydon says to protect against such incidents, companies must adopt a multi-faceted approach to cybersecurity. “This includes regular security audits, employee training, and the implementation of robust security protocols. Organizations should also appropriately segment their networks, thus isolating critical systems from potential breaches and ensuring continuity in case of an attack.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.