Security breach of Farmers Insurance vendor exposes data of more than 1 million customers
The data of more than 1 million Farmers Insurance customers has been exposed in a security breach of one of the insurer’s third-party vendors.
Farmers Insurance recently uploaded a notice about the incident on its website. It says the insurer was notified by a third-party vendor regarding suspicious activity involving unauthorized actors accessing databases that contained Farmer’s customer information on May 30.
“The third-party vendor had monitoring tools in place, which allowed the vendor to quickly detect the activity and take appropriate containment measures, including blocking the unauthorized actor,” the notice states. “After learning of the activity, Farmers immediately launched a comprehensive investigation to determine the nature and scope of the Incident and notified appropriate law enforcement authorities.
BleepingComputer reports that it learned the data was stolen in a widespread Salesforce attack. Salesforce is a cloud-based software company that manages customer relationships, sales, and marketing information for other companies.
Farmers’ notification states that an in-depth investigation found an unauthorized actor accessed the vendor’s database on May 29 and acquired data. A third-party data review expert conducted a comprehensive review to determine what data had been accessed.
On July 24, the review determined that personal information related to a select population of customers was subject to unauthorized access and acquisition. This includes name, address, date of birth, driver’s license number, and/or last four digits of Social Security numbers.
“There was no evidence demonstrating that additional personal information was accessed,” the notification said.
Farmers began sending notices to affected individuals on or around Aug. 22, the notice says. A copy of the notice sent to Maine customers was published on the Maine Attorney General’s website. The website notes more than 1 million customers were impacted by the breach overall, which includes about 300 Maine residents.
BleepingComputer reports that threat actors conducted social engineering attacks on Salesforce customers. During the attacks, threat actors conduct voice phishing to trick employees into linking a malicious OAuth app with their computer’s Salesforce instances.
“Once linked, the threat actors used the connection to download and steal the databases, which were then used to extort the company through email,” the article says. “The extortion demands come from the ShinyHunters cybercrime group, who told BleepingComputer that the attacks involve multiple overlapping threat groups, with each group handling specific tasks to breach Salesforce instances and steal data.”
ShinyHunters and Scattered Spider are the same group, BleepingComputer reported.
The attacks impacted several other companies, including Google, Cisco, Workday, Adidas, Qantas, Allianz Life, and LVMH subsidiaries Louis Vuitton, Dior, and Tiffany&Co.
Scattered Spider was also suspected in the Erie Insurance hack that occurred in June. The group is known to continue attacks in the same industry. Hacks made against Aflac and Philadelphia Insurance Companies within weeks of Erie’s attack were also suspected to be Scattered Spider.
Farmers Insurance consumers impacted by the breach can receive two years of free identity monitoring by calling 1-833-426-6809. The number can also be called to ask any questions about the incident.
The company also provides specific information on how consumers can protect themselves, and for consumers located in different states. This information can be found here.
Images
Photo courtesy of Colleen Michaels/iStock