Salesforce Sued Over Data Breach Affecting 1.1 Million or More

Salesforce Inc. was hit with a class action in federal court alleging that its servers were breached in May 2025, compromising the sensitive personal information of more than 1.1 million customers of insurer Farmers Group Inc.

Malcolm Scott says Salesforce’s system was breached though compromised costumer access tokens or phishing, and describes the incursion as a “hub-and-spoke” breach, with Salesforce as the hub. Because each of Salesforce’s clients—the spokes—might also be affected by the breach, the actual number of individuals whose data was compromised may be much higher, he says.

The complaint alleges violations of various laws aimed at protecting ...