American insurance giant Globe Life is facing extortion demands from hackers who stole data on over 5,000 individuals from one of its subsidiaries.
The insurance company informed the U.S. Securities and Exchange Commission (SEC) that it alerted federal law enforcement about the cyber incident. The company’s response is ongoing.
“Based on the Company’s investigation to date, which remains ongoing, the Company believes that information relayed to the Company by the threat actor may relate to certain customers and customer leads that can be traced to the Company’s subsidiary, American Income Life Insurance Company,” the SEC filing stated.
The Texas-based insurer reported $5.21 billion in revenue last year. Its subsidiary, American Income Life Insurance Company, serves over 4 million policyholders and posted approximately $297 million in life insurance premium sales on an annual basis.
What Globe Life Data was Compromised
The breached data includes sensitive details such as Social Security numbers, names, addresses, and health-related information, though Globe Life acknowledged that the “the total number of potentially impacted persons or the full scope of information possessed by the threat actor has not been fully verified.”
No other form of personally identifiable or sensitive financial information, such as credit card data or banking information, was involved, the SEC filing said.
The hackers recently shared some of the stolen data with short sellers and attorneys involved in lawsuits, according to the filing, and claimed to have additional information that has yet to be confirmed.
Globe Life also clarified that the extortion effort did not involve ransomware or cause any disruption to its operations.
Fraud Allegations
Back in June, Globe Life had informed the SEC about a state insurance regulator’s inquiry into “potential vulnerabilities related to access permissions and user identity management for a Company web portal,” which may have enabled unauthorized access to some customer and policyholder records.
The disclosure was made amidst increasing scrutiny and financial setbacks suffered by the company. The Texas-based insurer had faced allegations of fraudulent sales tactics and other business and workplace improprieties.
Globe Life and its biggest subsidiary, American Income Life (AIL), had allegedly engaged in insurance fraud, framing of policies for dead and fictitious individuals, withdrawal of consumer funds without approval, unfair dismissal, misleading sales tactics and illegal kickbacks, according to the June allegations. It was also alleged that some of AIL’s most profitable agents had faced accusations of kidnapping, assault and child grooming from defendants, witnesses and plaintiffs.
Following the breach, the company hired cybersecurity experts to investigate the situation and implement corrective measures. The situation continues to evolve.