Salesforce-Linked Data Breach Exposes 1.1M Farmers Insurance Customers, Sparks Lawsuit

A new class action lawsuit against Salesforce alleges that the company failed to secure its systems, leaving sensitive customer data vulnerable to attackers. The legal filing follows confirmation that a third-party data breach—apparently tied to the ongoing Salesforce voice-phishing campaign—compromised the personal information of more than 1.1 million Farmers Insurance customers.

The complaint accuses Salesforce of negligence, breach of fiduciary duty, invasion of privacy, and violations of both federal and California consumer protection laws. Plaintiffs argue that Salesforce’s inadequate safeguards have forced victims to take “immediate and time-consuming action” to protect themselves from fraud and identity theft. The lawsuit seeks declaratory and injunctive relief, monetary damages, and coverage of fees and costs.

What Happened at Farmers Insurance

Farmers Insurance, one of the largest insurers in the U.S. with over 10 million policyholders, disclosed that it was notified on May 30, 2025, of unauthorized access to a vendor-managed database. The breach occurred the previous day, prompting immediate containment efforts.

According to Farmers, the vendor had monitoring tools in place that detected the intrusion and quickly blocked the threat actor. Farmers also launched its own forensic investigation and notified federal authorities.

By July 24, the investigation revealed that a “select population” of customers had sensitive personal information exposed, including:

  • Names
  • Dates of birth
  • Addresses
  • Driver’s license numbers
  • Last four digits of Social Security numbers

In total, 1,111,386 individuals were impacted, according to a filing with the Maine Attorney General’s office. While Farmers says there is no evidence that the data has been leaked or misused, affected customers were notified beginning August 22 and are being offered 24 months of free identity monitoring through CyberScout.

The Salesforce Connection

The Farmers breach appears linked to a widespread voice phishing (vishing) campaign targeting companies that use Salesforce CRM systems. The campaign, attributed to threat actors such as ShinyHunters and UNC6040, relies less on technical sophistication and more on social engineering. Attackers reportedly call IT help desks, impersonate employees, and trick staff into authorizing rogue apps that allow mass data exports.

This tactic has already impacted a range of high-profile organizations, including Google, Cisco, Dior, Louis Vuitton, Chanel, Adidas, Pandora, Workday, and Manpower. Once attackers gain access, they typically exfiltrate sensitive data and demand ransom payments to prevent public leaks.

“The Farmers Insurance breach is a classic example of modern supply chain risk,” said Kevin Marriott, Senior Manager of Cyber and Head of SecOps at Immersive. “Attackers increasingly go after smaller, third-party vendors because they are often the path of least resistance into a larger organization. Security is only as strong as the weakest link in the digital supply chain.”

What the Breach Reveals About Today’s Cyber Landscape

The Farmers Insurance incident highlights two critical realities of today’s cyber landscape:

  1. Supply Chain Risk – Even if a company maintains strong internal defenses, third-party vendors often serve as weak links. Attackers know this and increasingly exploit CRM platforms and managed service providers.

  2. The Human Factor – Technical controls alone are not enough. The Salesforce vishing campaign relies on manipulating employees into giving away access, proving that cybersecurity awareness training is as essential as firewalls and monitoring tools.

For consumers, the breach is another reminder of why identity monitoring and proactive data protection are critical. For businesses, it reinforces the need to vet vendors carefully, implement strong third-party risk management programs, and invest in ongoing employee training to counter evolving social engineering tactics.

How Enfortra Helps

As breaches linked to third-party vendors and SaaS platforms become more common, protecting sensitive data requires more than reactive measures. Enfortra’s Privacy360 PII Removal solution helps safeguard consumers, employees, and businesses by reducing the online exposure of personal information and monitoring for potential misuse.

By shrinking the digital footprint of sensitive data and providing real-time alerts, Enfortra equips organizations and individuals with a proactive defense against identity theft and supply chain-driven cyberattacks.