Hackers Extort Globe Life with Stolen Data

Millions of Americans rely on Globe Life for health and life insurance, but the company now faces extortion threats after a hacker stole sensitive client information.

On Thursday, the Texas-based conglomerate disclosed in a regulatory filing with the U.S. Securities and Exchange Commission that it had “recently received communications” from an unidentified threat actor attempting to hold the company ransom in return for the non-disclosure of data taken from its systems.

Globe Life has identified its American Income Life Insurance Company (AIL) subsidiary as the source of the leaked data. This data contains sensitive information such as customers’ names, postal addresses, and phone numbers. The company’s statement states that in “some cases,” the data also includes health-related information, Social Security numbers, and other policy details.

According to Globe Life, over 5,000 people have been affected by the data breach so far. However, they do acknowledge that the “total number of potentially impacted persons or the full scope of information possessed by the threat actor has not been fully verified,” meaning that the actual number of affected people is probably higher. According to Globe Life, there are around 17 million active policies, while AIL reported at least two million policyholders in its most recent public filing.

In their filing, Globe Life states that the hacker in question “claims to possess additional categories of information, which claims remain under investigation and have not been verified,” but reassures them that the stolen data does not seem to include any financial details like bank account numbers or credit card numbers.

Globe Life has stated that the cybersecurity incident did not involve file-encrypting ransomware, suggesting that it was merely an extortion attack.

The organisation has seen that the threat actor has given “information about a limited number of individuals to short sellers and plaintiffs’ attorneys” in Globe Life’s case, perhaps in an effort to extort money from the company.

The demands of the hackers are currently unknown. Additionally, Globe Life has reported the matter to federal authorities.

Related Posts