Industry - Data Breach
Executive Summary
The ShinyHunters ransomware group breached American insurance company Kemper Corporation in April 2024 through social engineering attacks on its Salesforce environment, compromising data from 269,299 accounts. The leaked information included email addresses, names, phone numbers, physical addresses, and partial payment card details including the last four digits, expiry dates, and card brands. Kemper confirmed the incident and reported engaging cybersecurity experts and law enforcement.
What Happened
In April 2024, the ShinyHunters ransomware group breached Kemper Corporation, an American insurance holding company, by using social engineering tactics to access its Salesforce environment. The attackers obtained data from 269,299 accounts and later published tens of gigabytes of information as part of a pay-or-leak extortion campaign. The compromised data included email addresses, names, phone numbers, physical addresses, and partial payment card details such as the last four digits, expiration dates, and card brands. Kemper acknowledged the breach and engaged third-party cybersecurity experts while notifying law enforcement.
Who Is Affected
Approximately 269,299 individuals whose information was stored in Kemper Corporation's Salesforce environment are affected. The breach exposed their personal contact information including email addresses, names, phone numbers, and physical addresses, as well as partial payment card data. This was part of a broader campaign by ShinyHunters targeting hundreds of organizations using similar social engineering methods against Salesforce environments.
Why It Matters
This incident highlights the vulnerability of cloud-based customer relationship management systems like Salesforce to social engineering attacks, demonstrating that even enterprise-level platforms can be compromised through human manipulation rather than technical exploits. The breach is significant because it exposed partial payment card information alongside comprehensive personal contact details, creating heightened risks for financial fraud and identity theft. The campaign's scale - targeting hundreds of organizations with the same method - suggests a systematic exploitation of trust relationships between employees and cloud service providers.
What You Should Do
If you are a Kemper customer or believe your data may have been included in this breach, immediately change your password on your Kemper account and any other accounts where you used the same password. Enable two-factor authentication on all accounts that support it, especially financial and insurance accounts. Monitor your credit card statements and bank accounts closely for unauthorized transactions, and consider placing a fraud alert or credit freeze with the major credit bureaus. Be vigilant against phishing attempts, as attackers now have your contact information and may send targeted scam emails or calls pretending to be from Kemper or related financial institutions.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources