// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
Breach Record

Kemper

DISCLOSED 2026-04-15 · STOLEN CREDS · 269,299 RECORDS EXPOSED

In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of...

The record

What we know

Disclosed
2026-04-15
Attack vector
Stolen Creds
Records exposed
269,299
Domain
kemper.com
Data classes exposed
Email addressesNamesPartial credit card dataPhone numbersPhysical addressesPurchases
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Kemper disclosure. It updates if new public reporting emerges. All tracked breaches →

Kemper just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →