- A third-party vendor notified Farmers of a breach on May 30
- An investigation determined that a million people are affected
- The attackers stole names, driver's license numbers, and SSNs
American insurer group Farmers Insurance has confirmed it recently fell victim to a third-party cyberattack which saw it lose sensitive data on more than a million people.
A data breach notification letter sent out to affected individuals states the company was alerted to the attack on May 30, 2025, when one of its third-party vendors spotted unauthorized access to one of its databases.
Subsequent investigation, which concluded almost two months later, determined that the unnamed threat actors stole names, birth dates, driver’s license numbers, and the last four digits of Social Security numbers (SSN), for exactly 1,071,172 people.
Not all systems are affected in the same way
Servicing mostly individuals and small businesses, Farmers Insurance is part of the Zurich Insurance Group, and last year reported $2.2 billion in profits.
It also owns and operates multiple insurance companies, each focused on different markets, including 21st Century Insurance, Farmers New World Life Insurance Company, Farmers Financial Solutions, Foremost Insurance, and Bristol West Insurance.
The latter two were also hit, with others also possibly affected, as the letter reads, “Some of the brands include Foremost and Bristol West."
Foremost Insurance specializes in specialty lines, including mobile homes, manufactured homes, motorcycles, boats, RVs, off-road vehicles, and even things like landlord/rental property insurance.
Bristol West, on the other hand, covers auto insurance, particularly for people who might not qualify for standard policies due to driving record, credit, or other risk factors.
At press time, no threat actors have yet claimed responsibility for the attack, and Farmers did not see the data being abused anywhere in the wild.
However, it does urge its customers to remain vigilant and be extra careful with incoming emails and other communication claiming to come from the company. Furthermore, it is offering the victims two years of identity theft protection services, free of charge.
Via The Record
You might also like
- Insurance giant Allianz Life says data on over a million US customers stolen in breach - here's how to stay protected
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
