Farmers Insurance Breach May Have Leaked Data of More Than 1M Customers
Farmers Insurance may have suffered a breach that leaked the sensitive information of more than a million customers, a law firm investigating the incident said Monday. Multiple states also reported the breach recently.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
“Although the breach occurred in May 2025, Farmers Insurance did not begin notifying affected individuals until on or around August 22, 2025, which may have violated state and federal laws,” law firm Schubert Jonckheer said in a press release. The firm is investigating the breach on behalf of potential victims.
Farmers Insurance has not revealed what information was leaked when an unauthorized third party gained access to and acquired files from the company systems, Schubert Jonckheer said. The unauthorized access occurred on May 29 and was discovered the next day, the law firm said.
The Farmers Insurance website has a page notifying visitors of the breach. It said that one of the company’s “third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor’s databases containing Farmers customer information,” as the “vendor had monitoring tools in place, which allowed the vendor to quickly detect the activity and take appropriate containment measures, including blocking the unauthorized actor.”
“After learning of the activity, Farmers immediately launched a comprehensive investigation to determine the nature and scope of the Incident and notified appropriate law enforcement authorities,” the website statement added. The investigation revealed that certain data was acquired, and a subsequent review with assistance from a third party determined what personal information was impacted and to whom the data belonged. The insurance company said it started notifying affected individuals in writing "on or around" Aug. 22.
California’s attorney general website included a breach notification on Friday. The Maine attorney general's office also reported the breach Friday, saying that 301 of the 1,071,172 impacted were Maine residents. The Texas OAG reported the breach Monday, and said that 178,146 Texans were affected.
Montana reported the breach with two entries, one for Farmers Insurance Exchange and Farmers Group, which impacted 8,252 state residents, and the other for Farmers New World Life Insurance Company, which affected 263 Montanans. Both notifications were reported Friday.
A copy of the notification letter sent by the California-based company, included in the Maine and California AGs’ reports, echoed the information included on the webpage and added that the company is “unaware of any instances in which the personal information subject to unauthorized access and acquisition in this Incident has been misused.” But the company said it is offering two years of free identity-monitoring services to those affected.
“Upon learning of the Incident, Farmers reviewed its integrations with the third-party vendor, ensuring the vendor is complying with all required security protocols and further enhancing its security technologies and processes," the company added.