In early September, I began hearing from readers all across the country who had the same question: “Should I drop my current policy with Farmers Insurance and go with some other company?”
This was the first time in decades that so many people had the same question about one insurance company. The last time was in the early 1990s, in reference to Executive Life Insurance Company in California and New York. They were among the largest failures of life insurance companies in U.S. history.
Prior to their crashes, I wrote a column about them, and to anyone who asked, my advice was to run.
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more – straight to your e-mail.
Profit and prosper with the best of expert advice – straight to your e-mail.
Kiplinger’s Adviser Intel, formerly known as Building Wealth, is a curated network of trusted financial professionals who share expert insights on wealth building and preservation. Contributors, including fiduciary financial planners, wealth managers, CEOs and attorneys, provide actionable advice about retirement planning, estate planning, tax strategies and more. Experts are invited to contribute and do not pay to be included, so you can trust their advice is honest and valuable.
But these recent calls were different, and of course, I wanted to know why. There had to be a common denominator. Now, you might think that it had something to do with the way Farmers’ claims adjusters were handling claims, but it wasn’t.
Every person who called had been the victim of identity theft resulting from a massive data breach that was not caused by Farmers. So, why was Farmers getting such negative attention? And why now?
“Julie” in Greenville, North Carolina, sent me the answer, an innocuous-sounding “Notice of Security Incident” from Farmers about the data breach.
Not so fast, fair and friendly
To paraphrase the notice (you can read it in full here): On May 30, 2025, one of our vendors informed us about suspicious activity of an unauthorized actor who accessed our databases that contained customer information. We conducted a review to determine what personal information had been obtained.
But it wasn’t just the data breach that was so upsetting. Farmers, whose motto is “Fast, Fair and Friendly,” waited almost three months — until the very end of August — to tell their policyholders about the May breach (which involved its third-party vendor Salesforce).
Typically, insurance companies will notify policyholders within 30 to 60 days of a data breach, depending on state and federal laws. California and New York require notification within 30 days.
Farmers would most likely drop you like a ton of bricks within a month of you missing a premium payment, and yet, it took almost three months for it to notify its customers of the data breach.
Adding insult to injury, the first sentence in its security notice begins with these galling words: “Out of an abundance of caution, we are broadly providing notice of a security incident that may have involved personal information of certain individuals.”
“Out of an abundance of caution…”? Three months after the breach was discovered!
Looking for expert tips to grow and preserve your wealth? Sign up for Adviser Intel (formerly known as Building Wealth), our free, twice-weekly newsletter.
One policyholder — a claims adjuster, actually — was furious. He told me, on the condition of anonymity to avoid reprisals, “In my job, I deal with a lot of people who get very angry. If my personal information falls into the wrong hands, both I and my family are at risk.
“The way Farmers handled this data breach is concrete proof of an uncaring, callous attitude and gross negligence bordering on intentional. If one of our insureds had done something like this, I would deny them coverage, as this behavior was so outrageous and isn’t just an oversight.”
He was not alone in feeling that way.
Why a breach of this nature is so dangerous
If you’ve had to deal with identity theft resulting from a data breach — or the fear of becoming an identity theft victim — then you know all about anxiety and sleepless nights. We entrust insurance companies with highly sensitive personal information.
For those impacted by a data breach, the risks often include, but are not limited to:
- Identity theft used to commit financial fraud by obtaining fraudulent loans
- Phishing scams developed from stolen personal information
- Criminal activities such as stalking
What you can do if a data breach affects you
Several class-action lawsuits have already been filed, one by Los Angeles law firm Kabateck LLP. I spoke with managing partner Shant Karnikian, who advises anyone who has been notified that they were affected by the data breach to:
- Enroll in the complimentary identity and credit monitoring service offered by Farmers
- Remain vigilant and regularly review your credit reports and financial statements for signs of suspicious activity
- Be alert for phishing emails or texts that refer to Farmers
- Enable a fraud alert/security freeze with the major credit bureaus — Equifax, Experian and TransUnion — for an extra layer of security
- Keep an eye on your credit report for suspicious activity. You can get a free report weekly through AnnualCreditReport.com
Far-reaching effects of the breach
It is important to bear in mind that the effects of the data breach can extend far beyond the 1.1 million Farmers policyholders whose personal information was stolen.
Beneficiaries of life policies, auto policies with lenders listed as a covered party, homeowners policies listing financial institutions, commercial properties where landlords are listed as additional insureds and many more people connected to the customers affected could also be at risk.
Time will reveal the scope of the damage and just how much could have been prevented if Farmers had acted quickly to notify its policyholders that their personal information had been stolen.
Dennis Beaver practices law in Bakersfield, Calif., and welcomes comments and questions from readers, which may be faxed to (661) 323-7993, or e-mailed to [email protected]. And be sure to visit dennisbeaver.com.
