Financial Services / Insurance (auto, home, life, specialty) / Multi-line insurance holding company / United States
US multi-line insurance holding company (auto, home, life, specialty), serving several million policyholders through agents and direct channels.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
In April 2026, Kemper Corporation was compromised through ShinyHunters' Salesforce social-engineering campaign, which bypassed access controls to reach its CRM environment. ShinyHunters claimed at least 29GB and more than 13 million records; about 269,299 unique email addresses were indexed by Have I Been Pwned, with exposed fields including names, phone numbers, physical addresses and partial payment-card data (last four digits, expiry, card brand) alongside Stripe payment logs containing customer names and transaction amounts. This entry tracks a large circulating set; the 13M figure is an unverified actor claim.
Full threat analysis, exploitation vectors, and principal guidance below.
11 additional sections · verified field analysis · defensive doctrine
1.1M rows records analyzed
Kemper Corporation is a US multi-line insurance holding company headquartered in Chicago, offering auto, home, life and specialty insurance, largely to underserved and specialty markets, through independent agents and direct channels. It is publicly traded and serves several million policyholders.
As a multi-line insurer, Kemper holds policyholder and applicant records including names, contact and address details, phone numbers, partial payment-card data and payment-processing logs, plus internal corporate and employee documents, held in CRM and payment platforms such as Salesforce and Stripe.
On April 12, 2026 ShinyHunters claimed a Kemper breach, threatening to leak more than 13 million Salesforce records; Kemper confirmed the incident, engaged responders and notified law enforcement, and roughly 269,000 unique accounts were subsequently indexed by Have I Been Pwned. Consumer-side investigations have been announced.
An insurer breach exposes policyholders' contact and partial financial data, elevating fraud and phishing risk and triggering notification and regulatory obligations plus announced litigation. The presence of payment-processing logs and partial card data raises the sensitivity above a contact-only exposure and invites scrutiny of Kemper's CRM and payment-integration security.
A financial-institution breach: account, wealth or payment data supports direct fraud and highly credible financial-impersonation scams. For a high-profile principal the main risk is credible impersonation and enrichment of existing exposure.
Motivation: Financial extortion, data sale
A prolific data theft and extortion group that began as a database theft and resale actor and evolved toward SaaS-focused extortion. Recent activity involves vishing, credential harvesting, SSO compromise, and theft of customer data from cloud and SaaS environments.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation