A recently discovered data breach may impact more than one million customers of Farmers Insurance, warned a recent notification to Maine’s Attorney General.
Farmers Insurance Exchange, Farmers Group, Inc. (its attorney-in fact), and their subsidiaries and affiliates provided notice of the security incident that could reveal personal customer information.
The insurer’s notice, available on its website, provides details about the incident that may impact 1,071,172 policyholders.
On May 30, 2025, a third party vendor alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor’s databases containing Farmers customer information.
Monitoring tools allowed the vendor to detect the activity and take appropriate containment measures, including blocking the unauthorized access.
Farmers launched a comprehensive investigation to determine the nature and scope of the breach, while notifying law enforcement.
The investigation revealed the vendor’s database was actually accessed on May 29, 2025, with some data access by the unauthorized user.
A comprehensive review was performed to determine what data had been accessed and acquired, whether the data contained personal information, and to whom the personal information belonged.
On July 24, 2025, the review determined that certain personal information related to a select population of Farmers customers was subject to unauthorized access and acquisition.
Farmers began sending written notices to the affected individuals on or around August 22, 2025.
The following types of personal information were contained in the database: name, address, date of birth, driver’s license number, and/or last four digits of Social Security number.
There was no evidence showing additional personal information was accessed.
Farmers is providing free access to Cyberscout Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score for twenty-four (24) months to those who may be impacted by the breach.
The breach follows several incidents involving US insurers this year. Among them were Erie and Philadelphia insurance companies. In June, analysts at Google’s Mandiant warned the cybercrime group known as Scattered Spider was focusing on the insurance industry.
Related: Insurance Sector Should Be on the Lookout for ‘Scattered Spider’ Hackers
Erie Insurance said no data had been breached by its network outage. Shortly before Erie, Philadelphia Insurance said it was back up and running after its network outage. The insurer denied the event was related to ransomware.
Topics Cyber Data Driven
Was this article valuable?
Here are more articles you may enjoy.
Another HO Insurer, Viceroy, Approved for Florida Market, Regulators Say 
Litigation Funder’s Plan to Invest in Law Firms Called ‘Bad Policy,’ With Big Impacts 
States Rethink Practice of Setting Speed Limits Based on How Fast Drivers Travel 
Swiss Re Tops List of Largest Reinsurers on Its Shift to IFRS-17 Accounting: AM Best 
