Globe Life has expanded the number of individuals potentially affected by a cyber-extortion attempt last year. The company will notify an additional 850,000 people and provide credit monitoring services.
In October 2024, Globe Life disclosed an extortion attempt by an unknown threat actor who claimed to have accessed sensitive information from the company’s subsidiary, American Income Life Insurance Company.
The compromised data included names, email addresses, phone numbers, postal addresses, and, in some cases, Social Security numbers and health-related information. Initially, the breach was believed to affect approximately 5,000 individuals.
Upon discovering the breach, Globe Life activated its incident response plan, involving legal counsel and external cybersecurity experts, and notified federal law enforcement.
The insurer reported receiving extortion demands from an unknown party threatening to release information unless paid, according to a previous filing.
The company said it activated its threat response plan immediately, working with legal counsel and external cybersecurity experts to investigate the breach.
According to the ongoing investigation, the compromised data may involve certain customers and leads connected to its American Life Insurance Co. subsidiary.
In a Jan. 30 filing with the U.S. Securities and Exchange Commission, Globe Life stated the breach affected databases managed by a limited number of independent agency owners.
The company said it is offering voluntary notifications and credit monitoring services to approximately 850,000 additional individuals whose data was stored in those databases, despite not confirming whether the attacker accessed their information.
The exposed data may include names, email addresses, phone numbers, postal addresses, and, in some cases, Social Security numbers, health-related details, and other personal information for 5,000 individuals, Globe Life said.
The insurer confirmed the cyber attack did not involve ransomware or disrupt its systems, services, or business operations. It plans to file insurance claims for reimbursement of costs, expenses, and losses related to the incident.
“The timing and amount of any such reimbursements is not known at this time,” the company said in the filing. “As of the date of this filing, the company believes this incident has not materially impacted its operations and does not expect this incident is reasonably likely to have a material impact on the company, including its financial condition or results of operations.”
The company confirmed that the extortion attempt did not involve ransomware and did not disrupt its systems or operations. As the investigation progressed, Globe Life identified additional databases maintained by independent agency owners that could have been compromised.
Consequently, the company decided to notify approximately 850,000 additional individuals and offer them credit monitoring services, even though it could not confirm whether their data had been accessed.
Globe Life has stated that it will seek reimbursement for costs associated with the incident from its insurers and does not anticipate a material impact on its financial condition or operations. The company continues to cooperate with regulatory authorities and law enforcement as the investigation remains ongoing.
