Farmers Insurance late last week disclosed a data breach impacting the personal information of more than one million individuals. 

According to its website, Farmers Insurance serves roughly 10 million households (19 million insurance policies) across the entire United States, offering car, property, life, commercial and other types of insurance. The insurer has approximately 48,000 agents and 21,000 employees.

Farmers New World Life Insurance and its parent company Farmers Group, which is a subsidiary of Zurich Insurance Group, have filed separate data breach notifications with state authorities. 

The Farmers New World Life Insurance notification filed with the Maine Attorney General’s Office reports 40,000 impacted people. 

The Farmers Group notification with the same AGO, which has also been filed on behalf of Farmers Insurance Exchange and subsidiaries and affiliates, reports 1,071,172 affected individuals.

The notifications reveal that Farmers Insurance was not directly targeted by hackers. Instead, the insurer learned from a third-party vendor on May 30 that it had detected unauthorized access to a database containing Farmers customer information.  

An investigation showed that a day prior to the intrusion being discovered the attacker stole certain data, including customers’ personal information.

The notification samples submitted to state authorities are redacted, but a security incident notice posted on the Farmers Insurance website reveals that the compromised data includes names, addresses, dates of birth, driver’s license numbers, and last four digits of Social Security numbers.

It’s unclear if the third-party vendor has been targeted in a ransomware attack. The company might have been named on a ransomware leak site, but Farmers has not named the vendor.