Last updated: July 5, 2026 at 9:01 AM UTC
Tag: hibp (13 articles)

Insurance provider Kemper added to Have I Been Pwned with 269,299 breached accounts; new financial-services dataset searchable

Have I Been Pwned has added US insurance provider Kemper to its breach corpus with 269,299 unique email addresses. Kemper offers auto, home, life, and health insurance across the United States. As is typical for HIBP additions, the underlying breach source and disclosure details are not published alongside the entry, but the listing lets individuals and organizations check whether their accounts appear in the leaked dataset. Affected customers should anticipate insurance-themed phishing - claim-status updates, policy-renewal prompts, or premium-refund lures. The addition continues a steady run of US financial-services and insurance breaches surfacing in HIBP through late May.

Check
Check whether addresses on your corporate email domains appear in HIBP's Kemper corpus. Warn affected staff and customers about insurance-themed phishing (claims, renewals, refunds) over the next 30-60 days.
Affected
269,299 unique email addresses tied to Kemper insurance accounts (auto, home, life, health). Customers are exposed to targeted insurance-themed social engineering.
Fix
Affected individuals: rotate Kemper passwords, enable MFA, and scrutinize unsolicited insurance communications. Organizations: add Kemper to breach-monitoring watchlists and brief help desks on potential impersonation.

Have I Been Pwned adds Ameriprise Financial with 502,597 breached accounts; financial-services dataset newly searchable

Have I Been Pwned has added Ameriprise Financial to its breach corpus with 502,597 unique email addresses. The financial-services giant manages over $1 trillion in assets across wealth management, advisory, and asset-management services. Underlying breach details and the original disclosure source have not been published alongside the HIBP entry, but the addition lets organizations and individuals check whether their accounts appear in the leaked dataset. Customers should expect targeted phishing themed around investment-account verification or advisor-impersonation pretexts. The breach adds to a recent run of financial-services HIBP listings including Marcus & Millichap (1.8M) and Cushman & Wakefield (310K).

Check
Check whether addresses on your corporate email domains appear in HIBP's Ameriprise breach corpus. Warn affected employees about wealth-management-themed phishing and advisor-impersonation pretexts over the next 30-60 days.
Affected
502,597 unique email addresses tied to Ameriprise Financial accounts. High-net-worth individuals and advisors are likely over-represented in the dataset compared to typical breach corpora.
Fix
Affected individuals: rotate Ameriprise passwords, enable the strongest available MFA, and monitor account statements for unauthorized transactions. Treat unsolicited 'Ameriprise' or 'Columbia Threadneedle' contacts as suspicious.

Have I Been Pwned confirms two more ShinyHunters Salesforce extortion victims this week - financial-software firm Abrigo (711K) and insurer Canada Life (237K)

Troy Hunt's Have I Been Pwned added two new ShinyHunters victims this week. Abrigo - a Texas-based fintech that builds risk, compliance, and lending software for thousands of US banks and credit unions - had 711,099 unique email addresses and 1.75 million records lifted from its Salesforce environment in April after refusing to pay the ransom. The Canada Life Assurance Company, one of Canada's largest insurers, had 237,810 accounts confirmed in HIBP from a separate ShinyHunters Salesforce breach. Both fit the pattern of the months-long ShinyHunters mass-extortion campaign that already hit Zara, Woflow, and Instructure, with stolen data sitting in third-party Salesforce tenants rather than the victims' core systems.

Check
Check whether your company has a customer or vendor relationship with Abrigo or Canada Life, search your corporate email domains against Have I Been Pwned, and audit Salesforce Connected Apps and OAuth tokens granted to third-party integrations.
Affected
Customers, lenders, and partners of Abrigo (US community banks, credit unions, lenders) and Canada Life (Canadian insurance, savings, and retirement clients). Any organization with broad Salesforce access for third-party connected apps.
Fix
Rotate Salesforce passwords and API tokens where compromise is suspected, revoke unused Connected Apps in Salesforce setup, enforce MFA on every Salesforce user, and warn affected staff to expect impersonation phishing using the leaked PII.