Globe Life Inc has expanded the number of individuals potentially affected by a cyber-extortion attempt reported last year, stating that it will notify an additional 850,000 people and offer them credit monitoring services.
The company first disclosed in October 2024 that it had received communications from an unidentified party demanding payment in exchange for not disclosing information used by the insurer and its independent agents.
According to a filing with the US Securities and Exchange Commission (SEC) at the time, Globe Life said it immediately activated its threat response plan and launched an investigation with legal counsel and external cybersecurity experts. The ongoing review indicated that the breach may have involved information linked to its American Life Insurance Co. subsidiary.
In a new SEC filing on Jan. 30, Globe Life reported that customer information compromised in the attack was traced to databases maintained by a limited number of independent agency owners.
In a report from AM Best, the company said that, as a precautionary measure, it will notify additional individuals whose data was stored in the affected databases, even though it has not confirmed whether their information was accessed by the threat actor.
The information potentially exposed includes names, email addresses, phone numbers, and postal addresses. In some cases, Social Security numbers, health-related data, and other personal details may also have been involved. A company spokesperson declined to provide additional comments.
Globe Life confirmed that the extortion attempt did not involve ransomware and did not disrupt its systems, services, or business operations. The insurer also said that it plans to submit claims to its insurers to recover costs, expenses, and losses related to the incident.
The company noted, however, that the timing and amount of any reimbursements remain uncertain.
Besides this cyber breach, Globe Life also found itself embroiled in legal issues last year. In May, a class action lawsuit was filed in the US District Court for the Eastern District of Texas against the insurer for alleged violations of federal securities laws.
The suit alleges that the life insurer, formerly known as Torchmark Corporation, and several of its current and former executives, violated laws during a period from 2019 to 2024.
The legal complaint contended that throughout the class period, Globe Life issued several materially false and misleading statements and failed to disclose vital information regarding the company's premium revenue growth and its code of business conduct and ethics.
The suit also alleged that while Globe Life’s public code of conduct promised a commitment to an inclusive, safe working environment, prohibiting violence, threats, and illegal drug use, these standards were not upheld, contributing to an artificially inflated stock price during the class period.
In October, a federal judge dismissed a lawsuit filed by a former employee of American Income Life (AIL), a subsidiary of Globe Life, alleging wrongful termination after reporting unethical business practices at the carrier.
What are your thoughts on this story? Please feel free to share your comments below.
