Salesforce hit with 14 lawsuits over massive data breaches; hackers stole millions of records; negligence claims mount in San Francisco court
TOI World Desk | TOI Global Desk | Sep 26, 2025, 21:14 IST
14 lawsuits over massive data breaches; hackers stole millions of records; negligence claims mount in San Francisco court
( Image credit : ANI )
Salesforce faces at least 14 lawsuits after hackers linked to ShinyHunters accessed data from millions of customers tied to major companies including TransUnion, Allianz Life, and Farmers Insurance. While Salesforce insists its core platform was not breached, plaintiffs allege negligence for failing to block malicious apps approved through social engineering. The lawsuits, expected to be consolidated in San Francisco, could become one of the company’s largest legal battles to date.
TLDR
Salesforce, one of the world’s largest customer relationship management companies, is facing at least 14 lawsuits after hackers accessed sensitive data from millions of customers tied to TransUnion, Allianz Life Insurance, Farmers Insurance, and others. The attacks, attributed to the hacking group ShinyHunters, reportedly exploited employees through social engineering tactics rather than exploiting flaws in Salesforce’s platform. While Salesforce maintains that its systems were not compromised, plaintiffs accuse the company of negligence for failing to block malicious apps that enabled data theft. The lawsuits are expected to be consolidated in San Francisco federal court, where they could mark one of the biggest legal battles in Salesforce’s history.
Salesforce, one of the world’s largest customer relationship management companies, is facing mounting legal pressure after a string of cyberattacks exposed sensitive data belonging to millions of people. At least 14 lawsuits have been filed this month in federal court in Northern California, naming Salesforce and several high-profile corporate partners as defendants.
The Breaches
Hackers gained unauthorized access to Salesforce customer environments earlier this year, reportedly stealing personal information including names, addresses, birth dates, phone numbers, and in some cases, fragments of Social Security numbers. According to state filings, more than 4.4 million people tied to TransUnion were affected, while both Allianz Life Insurance and Farmers Insurance confirmed breaches impacting over a million customers each. Other companies connected to the fallout include Workday and Pandora Jewelry.
Cybersecurity experts say the breaches were not the result of a direct vulnerability in Salesforce’s platform but rather sophisticated social engineering tactics. Google’s Threat Intelligence team reported that attackers, operating under the name ShinyHunters, posed as IT support staff and persuaded employees to approve malicious applications inside Salesforce systems. Once authorized, the apps provided direct access to sensitive customer data.
In August, Google also linked some breaches to integrations with third-party software, prompting Salesforce to suspend access for certain tools, including Drift, an AI-enabled communication platform.
Lawsuits and Legal Pushback
Despite reassurances from Salesforce that its core platform remained secure, plaintiffs argue the company should have done more to safeguard against manipulation of its systems. The lawsuits, representing at least 23 named plaintiffs so far, accuse Salesforce of negligence and seek class-action status.
“Salesforce is the hub connecting these attacks,” attorney Amber Schubert, who represents several complainants, said in a filing. “By failing to detect and block a malicious app, it exposed the personal information of millions of Americans to cybercriminals.”
Salesforce’s Defense
Salesforce has pushed back strongly against the allegations, maintaining that its technology was not compromised. Company spokesperson Wanda Zhan pointed to Salesforce’s Trust page, which outlines security best practices for customers, and emphasized that the breaches stemmed from human error and outside manipulation rather than flaws in the platform itself.
Google’s cybersecurity team has also publicly supported that view, writing in its reports that the incidents “did not stem from a vulnerability within the core Salesforce platform.”
What’s Next
The lawsuits are expected to be consolidated in federal court in San Francisco, where Salesforce is headquartered. If class-action status is granted, the cases could become one of the most significant legal challenges in the company’s history.
Meanwhile, cybersecurity experts warn that victims of the breaches face heightened risks of identity theft and extortion as attackers attempt to profit from the stolen data.
FAQ
1. What type of data was stolen in the Salesforce breaches?
Hackers accessed personal information including names, addresses, birth dates, phone numbers, and in some cases, fragments of Social Security numbers.
2. How were the breaches carried out?
According to Google’s Threat Intelligence team, attackers posed as IT support staff and tricked employees into approving malicious apps within Salesforce systems, granting them access to customer data.
3. What legal actions are underway?
At least 14 lawsuits have been filed in Northern California federal court accusing Salesforce of negligence. The cases are likely to be consolidated in San Francisco and may proceed as a class action.
Salesforce, one of the world’s largest customer relationship management companies, is facing at least 14 lawsuits after hackers accessed sensitive data from millions of customers tied to TransUnion, Allianz Life Insurance, Farmers Insurance, and others. The attacks, attributed to the hacking group ShinyHunters, reportedly exploited employees through social engineering tactics rather than exploiting flaws in Salesforce’s platform. While Salesforce maintains that its systems were not compromised, plaintiffs accuse the company of negligence for failing to block malicious apps that enabled data theft. The lawsuits are expected to be consolidated in San Francisco federal court, where they could mark one of the biggest legal battles in Salesforce’s history.
Salesforce, one of the world’s largest customer relationship management companies, is facing mounting legal pressure after a string of cyberattacks exposed sensitive data belonging to millions of people. At least 14 lawsuits have been filed this month in federal court in Northern California, naming Salesforce and several high-profile corporate partners as defendants.
The Breaches
Hackers gained unauthorized access to Salesforce customer environments earlier this year, reportedly stealing personal information including names, addresses, birth dates, phone numbers, and in some cases, fragments of Social Security numbers. According to state filings, more than 4.4 million people tied to TransUnion were affected, while both Allianz Life Insurance and Farmers Insurance confirmed breaches impacting over a million customers each. Other companies connected to the fallout include Workday and Pandora Jewelry.
Cybersecurity experts say the breaches were not the result of a direct vulnerability in Salesforce’s platform but rather sophisticated social engineering tactics. Google’s Threat Intelligence team reported that attackers, operating under the name ShinyHunters, posed as IT support staff and persuaded employees to approve malicious applications inside Salesforce systems. Once authorized, the apps provided direct access to sensitive customer data.
In August, Google also linked some breaches to integrations with third-party software, prompting Salesforce to suspend access for certain tools, including Drift, an AI-enabled communication platform.
Lawsuits and Legal Pushback
Despite reassurances from Salesforce that its core platform remained secure, plaintiffs argue the company should have done more to safeguard against manipulation of its systems. The lawsuits, representing at least 23 named plaintiffs so far, accuse Salesforce of negligence and seek class-action status.
“Salesforce is the hub connecting these attacks,” attorney Amber Schubert, who represents several complainants, said in a filing. “By failing to detect and block a malicious app, it exposed the personal information of millions of Americans to cybercriminals.”
Salesforce’s Defense
Salesforce has pushed back strongly against the allegations, maintaining that its technology was not compromised. Company spokesperson Wanda Zhan pointed to Salesforce’s Trust page, which outlines security best practices for customers, and emphasized that the breaches stemmed from human error and outside manipulation rather than flaws in the platform itself.
Google’s cybersecurity team has also publicly supported that view, writing in its reports that the incidents “did not stem from a vulnerability within the core Salesforce platform.”
What’s Next
The lawsuits are expected to be consolidated in federal court in San Francisco, where Salesforce is headquartered. If class-action status is granted, the cases could become one of the most significant legal challenges in the company’s history.
Meanwhile, cybersecurity experts warn that victims of the breaches face heightened risks of identity theft and extortion as attackers attempt to profit from the stolen data.
FAQ
1. What type of data was stolen in the Salesforce breaches?
Hackers accessed personal information including names, addresses, birth dates, phone numbers, and in some cases, fragments of Social Security numbers.
2. How were the breaches carried out?
According to Google’s Threat Intelligence team, attackers posed as IT support staff and tricked employees into approving malicious apps within Salesforce systems, granting them access to customer data.
3. What legal actions are underway?
At least 14 lawsuits have been filed in Northern California federal court accusing Salesforce of negligence. The cases are likely to be consolidated in San Francisco and may proceed as a class action.