Farmers Insurance announced late last week that a data breach exposed the personal details of more than one million people.
The company, which provides coverage to about 10 million households nationwide and manages around 19 million policies, offers auto, property, life, business, and other forms of insurance. Farmers operates with a workforce of roughly 48,000 agents and 21,000 employees.
Farmers New World Life Insurance, along with its parent company Farmers Group—part of Zurich Insurance Group—submitted separate breach reports to state regulators.
The notice from Farmers New World Life Insurance, filed with the Maine Attorney General’s Office, listed 40,000 affected individuals. Farmers Group’s filing, submitted on behalf of Farmers Insurance Exchange and other subsidiaries, identified more than 1.07 million impacted people.
According to the disclosures, the incident did not stem from a direct attack on Farmers itself. Instead, on May 30, the company was notified by a third-party vendor that unauthorized access had been detected in a database containing customer information.
Investigators determined that the day before the intrusion was discovered, the attacker had already exfiltrated certain personal records.
While the versions of the notices filed with regulators are redacted, a public statement on Farmers Insurance’s website confirms that the compromised information includes names, addresses, birth dates, driver’s license details, and the last four digits of Social Security numbers.
It remains uncertain whether the third-party vendor was hit by a ransomware attack. Though there are indications the vendor may have appeared on a ransomware leak site, Farmers has not disclosed its identity.