What Happened
In April 2026, Kemper Corporation, a U.S.-based insurance holding company, suffered a data breach when the hacker group ShinyHunters gained unauthorized access to its Salesforce account via social engineering tactics, stealing approximately 29 GB of data including over 13 million records of sensitive personal information such as names, addresses, dates of birth, Social Security numbers, email addresses, phone numbers, financial details, insurance policy information, claims data, internal corporate documents, employee training materials, and Stripe payment logs with customer names and transaction amounts. The breach was discovered around April 10-13, with ShinyHunters posting samples on the dark web on April 15 after failed negotiations; Kemper confirmed the incident, launched an investigation with third-party experts, and notified law enforcement, prompting multiple class action lawsuits alleging inadequate cybersecurity.


