Farmers Insurance Data Breach Impacts 1.1 Million People After Salesforce Attack

[erek]

"The company says that its investigation determined that customers' names, addresses, dates of birth, driver's license numbers, and/or last four digits of Social Security numbers were stolen during the breach. Farmers began sending data breach notifications to impacted individuals on August 22, with a sample notification [1, 2] shared with the Maine Attorney General's Office, stating that a combined total of 1,111,386 customers were impacted. While Farmers did not disclose the name of the third-party vendor, BleepingComputer has learned that the data was stolen in the widespread Salesforce data theft attacks that have impacted numerous organizations this year.Further reading: Google Suffers Data Breach in Ongoing Salesforce Data Theft Attacks"

Source: https://it.slashdot.org/story/25/08...cts-11-million-people-after-salesforce-attack

 

[sfsuphysics]

it's ok, they'll give you one year of free credit monitoring, all is well!

 

[MrGuvernment]

it's ok, they'll give you one year of free credit monitoring, all is well!

While claiming that your privacy is of upmost importance to them and to saleforce!

 

[Nobu]

it's ok, they'll give you one year of free credit monitoring, all is well!

I still haven't signed up for any credit monitoring services, despite being involved in at least one breach. I know they're already monitoring my shit, signing up for that is just me consenting to it.

 

[toast0]

Oh joy. Thankfully my credit is all frozen cause someone rented a oakland apartment with my wife's info. (Nobody will do anything about that) Was handy when ATT let my info out; BofA wouldn't open a new account with that.

 

[Prince Valiant]

Issue fines to the poor corporate victims already. They'll figure out how to fix their problems when enough go out of business.

 

[Shotglass01]

"Like a bad neighbor, State Farm ain't there..."

 

[serpretetsky]

"Like a bad neighbor, State Farm ain't there..."

They sound similar, but wrong company

 

[Shotglass01]

They sound similar, but wrong company

Dyslexia strong! Apologies.

 

[That_Sound_Guy]

Google warned that a threat actor they classify as 'UNC6040' is targeting companies' employees in voice phishing (vishing) social engineering attacks to breach Salesforce instances and download customer data. This data is then used to extort companies into paying a ransom to prevent the data from being leaked.

One of many reasons I don't answer phone calls from any unknown number.

It's sad I had to teach my family code words to say in voicemails or texts if they have to call me from unknown numbers and having to talk about sensitive matters.

 

[MrGuvernment]

Issue fines to the poor corporate victims already. They'll figure out how to fix their problems when enough go out of business.

This is the reality of what is needed. Fines based on a % of their net profits, not these stupid slaps on the wrist, if they even get that.

All this responsible disclosure stuff, companies claiming to be compliant with frameworks like SOC 2, ISO* and others, and then get breached showing they do not follow the basics of those security frameworks they claim to have...

Like Vanta who released an update which shows other clients, other clients data....talk about failing the basics of your SOC 2 Type 2 attestation.. and they provide the platform for implementing these frameworks...

Or just look at Cisco and how many times now they have been exploited and found to have hardcoded creds in firmware still....year after year..and lets not even get started with Fortinet and their constant exploits and vulnerabilities it seems every other month...

 

[pillagenburn]

Maybe the problem isn't just Farmers and the like but the fact that everyone and their mother has put most or all of their eggs in the Salesforce basket?