Farmers Insurance has revealed it experienced a data breach that may be connected to the ongoing Salesforce social engineering campaign. According to a security incident notice sent out by the organization, a third-party vendor experienced a cyber incident that compromised a database of the insurance company’s customers. Affected data includes: 

• Names 
• Addresses 
• Birth dates
• Driver’s license numbers
• Last four digits of Social Security Numbers 

Approximately 1.1 million customers are impacted by this breach. Below, security leaders share their insights. 

Security Leaders Weigh In

Mr. Piyush Pandey, CEO at Pathlock:

With the supply chain now a growing target for cybercriminals, organizations that provide services to large enterprises — and handle regulated sensitive data on their behalf — must ensure appropriate security controls are in place to protect that data from threats. One of the key elements to address this is to implement robust access governance, including the ability to detect unauthorized access in real time — so that malicious activity can be identified and shut down before any data is exfiltrated.

Ben Hutchison, Associate Principal Consultant at Black Duck:

Unfortunately, it is not uncommon for a particular industry sector to suffer from a surge of attacks, or seemingly targeted attacks, in phases of threat actor operations. They may be considered victims of the moment, as unfortunately once a particular attack or threat actor group has been successful in compromising a specific target/sector, this can serve as motivation both for others to engage in similar efforts and for the specific threat actor to double down on their efforts and launch attacks against similar targets. Given the recent rising trend in attacks targeting finance, retail organizations and the insurance industry, these organizations should treat this data breach as yet another wakeup call to ensure they are prioritizing their cybersecurity and digital resiliency.

Geoff Haydon, CEO at Ontinue:

The repercussions of a large-scale data breach on entities like these extend far beyond the company's boundaries. It is imperative for businesses to strike a balance between technological advancement and security. These incidents should serve as a wake-up call for the industry, urging companies to fortify their defenses and foster a culture of cybersecurity awareness, thereby safeguarding their interests.

To protect against such incidents, companies must adopt a multi-faceted approach to cybersecurity. This includes regular security audits, employee training, and the implementation of robust security protocols. Organizations should also appropriately segment their networks, thus isolating critical systems from potential breaches and ensuring continuity in case of an attack.