Kemper Corporation had data on approximately 269,000 individuals exposed after the ShinyHunters ransomware group accessed its Salesforce environment via social engineering and published the stolen data in an extortion campaign.
What happened
According to HIBP, in April 2026 the ShinyHunters ransomware group targeted Kemper Corporation as part of a broader extortion campaign affecting hundreds of organizations. The attackers reportedly gained access to Kemper's Salesforce environment through social engineering. The group later published tens of gigabytes of data after demanding payment.
Kemper confirmed the incident, stating it had engaged third-party cybersecurity experts and notified law enforcement, according to HIBP.
What was exposed
Reported by HIBP, the published data included names, email addresses, phone numbers, physical addresses, and partial payment card data — specifically the last four digits, expiry dates, and card brands. Purchase records were also included among the exposed Salesforce and Stripe payment logs.
Who is affected
Approximately 269,000 unique email addresses were identified in the leaked data, according to HIBP. Those affected are likely Kemper customers or business contacts whose information was stored in the company's Salesforce environment.
What to do now
Monitor your financial accounts and credit card statements for any suspicious activity. Although only partial card data was exposed, remain alert for phishing attempts that may use your name, address, or phone number to appear legitimate. Consider placing a fraud alert with the major credit bureaus. If you receive communications from Kemper about this incident, follow their guidance on next steps.