Have I Been Pwned has added US insurance provider Kemper to its breach corpus with 269,299 unique email addresses. Kemper offers auto, home, life, and health insurance across the United States. As is typical for HIBP additions, the underlying breach source and disclosure details are not published alongside the entry, but the listing lets individuals and organizations check whether their accounts appear in the leaked dataset. Affected customers should anticipate insurance-themed phishing - claim-status updates, policy-renewal prompts, or premium-refund lures. The addition continues a steady run of US financial-services and insurance breaches surfacing in HIBP through late May.
Have I Been Pwned has added Ameriprise Financial to its breach corpus with 502,597 unique email addresses. The financial-services giant manages over $1 trillion in assets across wealth management, advisory, and asset-management services. Underlying breach details and the original disclosure source have not been published alongside the HIBP entry, but the addition lets organizations and individuals check whether their accounts appear in the leaked dataset. Customers should expect targeted phishing themed around investment-account verification or advisor-impersonation pretexts. The breach adds to a recent run of financial-services HIBP listings including Marcus & Millichap (1.8M) and Cushman & Wakefield (310K).
Troy Hunt's Have I Been Pwned added two new ShinyHunters victims this week. Abrigo - a Texas-based fintech that builds risk, compliance, and lending software for thousands of US banks and credit unions - had 711,099 unique email addresses and 1.75 million records lifted from its Salesforce environment in April after refusing to pay the ransom. The Canada Life Assurance Company, one of Canada's largest insurers, had 237,810 accounts confirmed in HIBP from a separate ShinyHunters Salesforce breach. Both fit the pattern of the months-long ShinyHunters mass-extortion campaign that already hit Zara, Woflow, and Instructure, with stolen data sitting in third-party Salesforce tenants rather than the victims' core systems.