State Farm, an American group of insurance and financial services companies, disclosed that it has been a victim of a credential stuffing attack. The attack was discovered in July 2019. The company notified the impacted users, but didn’t disclose how many users were affected.
Credential stuffing occurs when bad actors steal usernames and passwords from one online account, and then try them on other online account, revealing additional user information.
In response to the attack, State Farm reset the passwords of the impacted accounts.
Read more about it here.