ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Kemper Data Breach

kemper.com
Limited exposure
Verified breach
Accounts exposed 269,299
Breach date 15 Apr 2026
Added to tracker 28 May 2026
Data classes 6

What happened

In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement.

Exposed data

Email addresses Names Partial credit card data Phone numbers Physical addresses Purchases

Recommended actions

  • Watch for targeted phishing emails referencing Kemper โ€” attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP