American financial services holding company Globe Life says attackers may have accessed consumer and policyholder data after breaching one of its web portals.
The incident was discovered on Thursday, June 13, while reviewing potential vulnerabilities related to access permissions and user identity management for the web portal following an inquiry from a state insurance regulator.
“Immediately upon notification of these circumstances, the Company removed external access to the portal,” said Christopher T. Moore, Associate Counsel and Corporate Secretary at Globe Life, in a filing with the U.S. Securities and Exchange Commission (SEC) on Friday.
“At this time, the Company believes the issue is specific to this portal, and all other systems remain operational.”
The insurance company believes that taking down the affected web portal will not significantly impact its operations. After detecting the potential data breach, Globe Life also activated its incident response plan and hired external security experts to remediate any security issues and assess the incident’s full scope, nature, and impact.
“As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known,” Moore added.
“However, as of the date of this report, the incident has not had a material impact on the Company’s operations, and the Company has not determined whether this is a material cybersecurity incident required to be reported under Item 1.05 of Form 8-K.”
Globe Life is a Texas-based holding company listed on the New York Stock Exchange with over 3,600 employees. It provides life, health, and worksite insurance products and services through its wholly-owned subsidiaries, including direct-to-consumer and exclusive and independent agencies.
On April 11, Globe Life’s share price fell by 53.14% after allegations from anonymous organization Fuzzy Panda Research (which had taken a short position on the company) that Globe Life committed numerous insurance frauds—the company denied these claims.
A Globe Life spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.