In July, US banking and insurance giant, State Farm, was hit with a credential stuffing attack. Even though the attack occurred last month, the company didn’t notify impacted customers until recently.
State Farm released an advisory briefly summarizing the attack.
According to the company, a “bad actor” obtained a list of user IDs and passwords via “another source” — presumably the dark web. The “bad actor” then attempted to “access State Farm online accounts.”
However, the insurance giant said, “no sensitive personal information was viewable.” And luckily, no fraudulent activity occurred on the affected accounts.
In response to the attack, affected customers are asked to reset their passwords.
Additionally, in a statement to ZDNet, State Farm said it has “implemented additional controls and continue to evaluate our information security efforts to mitigate future attacks.”