Insurance giant Globe Life to settle data breach class action for $4.66 million

American insurance company Globe Life Inc. has agreed to pay $4.66 million to settle a class action lawsuit related to a data breach incident that gave hackers access to over 850,000 customers’ personal information.

 

On October 17, 2024, the insurance giant informed the U.S. Securities and Exchange Commission that it had received threatening communications from malicious actors seeking to extort money in exchange of vast amounts of data stolen from its subsidiary, American Income Life Insurance Company. 

 

Globe Life said that after receiving the communication, it activated an incident response plan and initiated an investigation to determine the amount of data in possession of the malicious actors. After completing the investigation, it determined that the hackers’ had in their possession the sensitive personal information of thousands of insurance customers.

 

"This information includes certain personally identifiable information categories such as names, email addresses, phone numbers, postal addresses, and in some instances Social Security numbers, health-related data, and other policy information for approximately 5,000 individuals; however, the total number of potentially impacted persons or the full scope of information possessed by the threat actor has not been fully verified," the company said.

 

"This information does not appear to contain personally identifiable financial information such as credit card data or banking information. Most recently, the threat actor also shared information about a limited number of individuals to short sellers and plaintiffs’ attorneys. The threat actor claims to possess additional categories of information, which claims remain under investigation and have not been verified," it added.

 

In January 2025, the insurance company, founded in 1900 as Liberty National Life Insurance Company and headquartered in Huntsville, Alabama, stated in a fresh 8K filing with the SEC that it had completed its investigation and determined that the data security incident impacted about 850,000 additional customers whose information was stored in a hacked database.

 

The company said it did not pay the demanded extortion payment and notified federal law enforcement and had begun notifying all affected customers about the incident and its impact on their personal information.

 

"The Company has confirmed the extortion attempts did not involve the use of ransomware or result in any interruption to the Company’s systems, services, or business operations. The Company continues to communicate with regulatory authorities and law enforcement," it added.

 

On Friday, March 6, the insurance giant agreed to pay $4.66 million to settle a class action lawsuit filed by a class of affected customers, including up to $3.4 million in cash payments to class members and $1.26 million in attorneys’ fees.

 

The class action lawsuit, filed in the U.S. District Court for the Western District of Texas, had previously alleged that Globe Life and its subsidiary failed to appropriately secure customers’ information which enabled malicious third parties to gain access to the data and threated to extort the company. The settlement covers two years of free credit monitoring services and a payment of up to $5,000 for each affected policy holder.