Farmers Insurance Sued in Class Action Lawsuit after Massive Data Breach

By Shant Karnikian

Kabateck LLP has filed a nationwide class action complaint against Farmers Insurance following a disastrous data breach. The suit is brought on behalf of Plaintiff Harout Garabedian, and “all others similarly situated,” for current and future harms caused by a “massive and preventable” cyber attack that has exposed the highly sensitive personal information of nearly 1.1 million Farmers policyholders.

The suit contends that Defendants, including Farmers Group, Inc., Farmers Insurance Exchange, Truck Insurance Exchange, and Fire Insurance Exchange, failed to properly secure and safeguard policyholders’ personally identifiable information stored within Defendants’ information network, and, when a major data breach was discovered, neglected to inform customers for several crucial months.

Understanding the Farmers Insurance Data Breach

Farmers Insurance is one of the three biggest players in the country’s insurance market, covering homes, vehicles, and small businesses. Founded in 1927, it is consistently a Fortune 500 company, serving more than 10 million households, with over 19 million individual policies written across all 50 states.

The current data breach affects as many as 1,071,172 policyholders.

Farmers announced the breach in late August through a notice on the company website and letters to customers — but the critical breach actually occurred months earlier.

On May 30th, a third-party vendor alerted Farmers of suspicious activity detected the day before: an unauthorized actor had illegally accessed a database containing Farmers’ policyholders’ information on May 29th.

Farmers launched an investigation with both internal and external security experts, and by July 24, determined that the compromised information included sensitive personal details such as customers’ names, birthdates, driver’s license numbers, and, in some cases, the last four digits of their social security numbers — all of which can be used in identity theft, fraud, and targeted exploitation of individuals.

Farmers finally notified customers of the breach in writing beginning around August 22 and published a public notice on its website.

According to Farmers, the breach was part of a large wave of cyberattacks that stemmed from a data breach involving Salesforce, a software company contracted by Farmers. Similar attacks have impacted other major companies, including Google. DataBreaches.net has confirmed that the Farmers breach was part of a larger hacking campaign by the cybercriminal group ShinyHunters.

Companies that store their customers’ private, sensitive information owe their clients a duty of care to safeguard that data. The Farmers catastrophe highlights the inherent risks of outsourcing management of sensitive data to third-party vendors, an increasingly common practice in the digital age.

What should Farmers customers do now? 9 expert tips

1. Utilize monitoring services. Farmers Insurance is offering impacted customers 24 months of free credit and identity-monitoring services to help detect fraud or misuse of their personal information. Register before November 25, 2025, at www.mytrueidentity.com.
2. Change passwords connected to your Farmers account(s), and don’t reuse the same passwords across multiple sites and accounts. Implement two-factor identification where possible.
3. Check your email and regular mail for notifications that you may have been impacted by the breach.
4. Regularly scrutinize all your financial accounts and statements for any signs of suspicious activity (ex, unauthorized transactions). Promptly report discrepancies.
5. Get copies of your credit reports from all three main credit bureaus and review them very carefully for any suspicious, unfamiliar, or unauthorized activity (ex, accounts opened in your name, inquiries you did not make).
6. Initiate fraud alerts with your financial institutions.
7. Watch out for subsequent phishing attempts. Thieves may try to use information gathered in the initial data breach to obtain further personal details. Beware of scam phone calls, messages, and emails asking for financial or personal information; don’t click on links or supply any information unless you have verified that the communication is legitimate. Look for unfamiliar sender addresses, unusual attachments, or high-pressure language (ie. This is your last chance to renew your warranty!).
8. Locks and freezes may feel inconvenient, but if you know or suspect that your personal information has been breached, consider initiating a credit lock or freeze with the major bureaus to prevent thieves from opening new accounts, etc.
9. Talk to a lawyer. Victims of the data breach may be eligible to pursue compensation. If you have received notification that your information was compromised, reach out to one of the experienced and knowledgeable consumer rights attorneys at KBK.