A recently discovered data breach may impact more than one million customers of Farmers Insurance, warned a recent notification to Maine’s Attorney General.
Farmers Insurance Exchange, Farmers Group, Inc. (its attorney-in fact), and their subsidiaries and affiliates provided n
otice of the security incident that could reveal personal customer information.
The insurer’s notice, available on its website, provides details about the incident that may impact 1,071,172 policyholders.
On May 30, 2025, a third party vendor alerted Farmers to sus
picious activity involving an unauthorized actor accessing one of the vendor’s databases containing Farmers customer information.
Monitoring tools allowed the vendor to detect the activity and take a
ppropriate containment measures, including blocking the unauthorized access.
Farmers launched a comprehensive investigation to determine the nature and scope of the breach, while notifying law enforcement.
The investigation revealed the vendor’s database was actually accessed on May 29, 2025, with some data access by the unauthorized user.
A comprehensive review was performed to determine what data had been accessed and acquired, whether
the data contained personal information, and to whom the personal information belonged.
See more beautiful photo albums Here >>>
On July 24, 2025, the review determined that certain personal information related to a select population of Farmer
s customers was subject to unauthorized access and acquisition.
Farmers began sending written notices to the affected individuals on or around August 22, 2025.
The following types of personal information were contained in the dat
abase: name, address, date of birth, driver’s license number, and/or last four digits of Social Security number.
There was no evidence showing additional personal information was accessed.
Farmers is providing free access to Cyberscout Single Bureau Cre
dit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score for twenty-four (24) months to those who may be impacted by the breach.
The breach follows several incidents involving US insurers this year. Among them were Erie and Philadelphia insurance companies. In June, analysts at Google’s Mandiant warned the cybercrime group kn
own as Scattered Spider was focusing on the insurance industry.