A data leak affecting Kemper Corporation has been claimed by the cybercrime group ShinyHunters, which says it has published millions of records on a dark website following failed negotiations with the company.
The group alleges that more than 13 million records have been leaked, with approximately 29 GB of data taken from Kemper’s Salesforce environment. The dataset is described as containing both personal and corporate information, although the full scope of the exposed material has not been independently verified.
According to the claims, the data was obtained through access to a Salesforce account connected to Kemper. The incident is part of a broader campaign in which attackers have targeted multiple organisations by compromising credentials and gaining access to cloud-based systems.
ShinyHunters posted the alleged data on its leak site on April 15, after previously warning that it would release the information if an agreement was not reached. The group had issued a deadline and referenced a “pay or leak” approach in its communications.
The company has not publicly confirmed the breach. Researchers reviewing sample data shared by the attackers stated that verification efforts are ongoing to determine whether the dataset originates from Kemper systems.
Kemper is a US-based insurance provider offering auto, life, and health coverage, with reported annual revenue of around $5 billion and approximately 10,000 employees.
The incident is linked to a wider set of attacks attributed to ShinyHunters, which has been associated with targeting software as a service platforms and third-party integrations to obtain access to corporate data. These campaigns have involved social engineering techniques used to capture credentials and authenticate into systems without exploiting direct vulnerabilities.
The reported dataset may include personally identifiable information and internal company records. Security researchers state that such data, if confirmed, could be used in identity-related fraud or further intrusion attempts, depending on its contents.
The total number of affected individuals and the duration of the exposure have not been disclosed. No details have been provided regarding notification of affected customers or regulatory response at the time of reporting.