U.S. insurer Globe Life faces ransom demand following a major breach

News21 Oct 2024

U.S. insurance company Globe Life said unknown cyber criminals have demanded a ransom payment in exchange for not publishing the sensitive personal and healthcare information of its customers on the Internet.

In a filing with the US Securities and Exchange Commission, Globe Life said that immediately after receiving the ransom demand, it launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

“Based on the Company’s investigation to date, which remains ongoing, the Company believes that information relayed to the Company by the threat actor may relate to certain customers and customer leads that can be traced to the Company’s subsidiary, American Income Life Insurance Company.

“This information includes certain personally identifiable information categories such as names, email addresses, phone numbers, postal addresses, and in some instances Social Security numbers, health-related data, and other policy information for approximately 5,000 individuals; however, the total number of potentially impacted persons or the full scope of information possessed by the threat actor has not been fully verified,” reads the filing.

Globe Life added that the compromised data doesn’t include credit card data and banking information.

While the company did not disclose how the threat actors acquired this information, in June, the company notified the SEC about an inquiry from a state insurance regulator about “potential vulnerabilities related to access permissions and user identity management for a Company web portal that likely resulted in unauthorised access to certain consumer and policyholder information.”

Globe Life said it worked with relevant law enforcement authorities and external cyber security experts to remediate the situation.

“As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known; however, as of the date of this report, the incident has not had a material impact on the Company’s operations, and the Company has not determined whether this is a material cybersecurity incident required to be reported under Item 1.05 of Form 8-K,” Globe Life added.