2 days ago
3
Insurance company Globe Life is notifying 850,000 individuals of a data breach that might have involved their personal, health, and insurance information.
The data breach, Globe Life told the Securities and Exchange Commission in October 2024, was discovered after a threat actor attempted to extort the company, demanding a ransom payment in exchange for not publishing stolen information.
The compromised data, the company says, belongs to customers and customer leads, and was likely exfiltrated from its subsidiary American Income Life Insurance Company.
According to Globe Life, the compromised information includes names, addresses, dates of birth, Social Security numbers, email addresses, phone numbers, health information, and insurance policy information.
The insurer said at the time that roughly 5,000 people might have been affected, and that no credit card data, banking information, and other financial information was compromised.
In a January 30 filing with the SEC, the company revealed that the compromised data was “traced to specific databases maintained by a small number of independent agency owners”, and that it could not confirm whether the threat actor stole the information of other individuals.
However, it decided to notify approximately 850,000 additional individuals of the incident, as their personal information was also stored in the compromised databases, underlining that it “has not been able to confirm if the threat actor acquired these additional individuals’ data”.
Globe Life told the SEC that it would be providing all the potentially impacted individuals with free credit monitoring services.
Advertisement. Scroll to continue reading.
“The company has confirmed the extortion attempts did not involve the use of ransomware or result in any interruption to the company’s systems, services, or business operations. The Company continues to communicate with regulatory authorities and law enforcement,” Globe Life said.
The insurer will seek reimbursement for the costs associated with the incident, from its insurers, and believes that the data breach has not had nor would have a material impact on its financial condition or results of operations.
Globe Life did not say when or how the data breach occurred, nor who might be responsible for it, and it is unclear whether the extortion attempt was related to the data breach the company was investigating in June last year.
SecurityWeek has contacted the company for additional information and will update this article if it responds.
Related: 152,000 Impacted by Data Breach at Berman & Rabin
Related: Improving SecOps: How Simplification, Visibility, and Analytics Can Drive Success