A third-party vendor experienced a cyber incident that compromised a Farmers Insurance customer database. The incident may be connected to an ongoing Salesforce social engineering campaign. Affected data includes names, addresses, birth dates, driver’s license numbers, and the last four digits of Social Security numbers. Approximately 1.1 million customers are impacted. Supply chain vendors that handle regulated sensitive data require appropriate security controls and robust access governance, including real-time detection of unauthorized access, to prevent data exfiltration. Sectors that suffer successful compromises can attract additional threat actors, making prioritization of cybersecurity and digital resiliency essential for finance, retail, and insurance organizations.
With the supply chain now a growing target for cybercriminals, organizations that provide services to large enterprises - and handle regulated sensitive data on their behalf - must ensure appropriate security controls are in place to protect that data from threats. One of the key elements to address this is to implement robust access governance, including the ability to detect unauthorized access in real time - so that malicious activity can be identified and shut down before any data is exfiltrated.
Unfortunately, it is not uncommon for a particular industry sector to suffer from a surge of attacks, or seemingly targeted attacks, in phases of threat actor operations. They may be considered victims of the moment, as unfortunately once a particular attack or threat actor group has been successful in compromising a specific target/sector, this can serve as motivation both for others to engage in similar efforts and for the specific threat actor to double down on their efforts and launch attacks against similar targets. Given the recent rising trend in attacks targeting finance, retail organizations and the insurance industry, these organizations should treat this data breach as yet another wakeup call to ensure they are prioritizing their cybersecurity and digital resiliency.
Collection
[
|
...
]