Farmers Insurance says 1 million customers affected by cyberattack on third-party vendor

More than one million customers of Farmers Insurance and its subsidiaries were impacted by a cyberattack on a third-party vendor.

Farmers Insurance, Farmers Insurance Exchange and several other affiliated companies filed breach notification documents in Maine, California and Massachusetts on Friday while also providing notice on the company website. 

The company, which is itself a subsidiary of Zurich Insurance Group, said it was informed by a third-party vendor on May 30 that hackers accessed a database containing Farmers’ customer information. 

The database contained names, dates of birth, driver’s license numbers and the last four digits of people’s Social Security numbers. The insurance company said 1,071,172 people were affected. 

According to Farmers, the vendor had monitoring tools that allowed them to detect the incident and contain the cyberattack. Farmers concluded its investigation last month and determined that customer personal information was stolen. 

Victims are being offered two years of identity theft protection services. 

Farmers Insurance did not respond to requests for comment about which vendor was attacked. The company reported $2.2 billion in profits in 2024. 

The data theft took place amidst a spate of cyberattacks targeting the insurance industry. In May and June, insurance companies Aflac, Erie Insurance, Philadelphia Insurance Companies and others reported cyber incidents. 

Last month, Allianz Life said it also suffered a data breach and later told a news outlet that a "majority" of its 1.4 million customers had data stolen. 

Several incident response firms, including Google-owned cybersecurity company Mandiant, attributed some of the insurance industry attacks to the Scattered Spider cybercriminal organization.