Globe Life, a major provider of life and health insurance in the United States, is currently dealing with a data breach and extortion threat after a hacker stole sensitive customer information. The company, based in Texas, revealed in a filing with the U.S. Securities and Exchange Commission that they received demands from an unknown cybercriminal who is threatening to expose the stolen data unless a ransom is paid.
The breach has been traced back to Globe Life’s subsidiary, American Income Life Insurance Company (AIL). The compromised information includes personal details such as customer names, home addresses, and phone numbers. In some instances, even more sensitive data was exposed, including Social Security numbers, health-related details, and policy information.
As of now, Globe Life has identified approximately 5,000 individuals whose data has been affected. However, the company acknowledges that the full scope of the breach remains unclear, and the total number of impacted customers is expected to be significantly higher. Globe Life, which manages over 17 million insurance policies, also noted that AIL has at least two million policyholders, raising concerns that the breach could be more widespread.
While the hacker behind the attack claims to possess additional categories of information, Globe Life is still investigating these claims. The company has stated that, so far, there is no evidence to suggest that financial information, such as credit card or banking data, was stolen. The attack appears to be an extortion attempt rather than a ransomware attack, where files are encrypted and held hostage.
Adding further pressure, the hacker has reportedly shared information about some of the affected individuals with short sellers and plaintiffs’ attorneys, likely aiming to coerce Globe Life into meeting their ransom demands. The exact amount being demanded by the cybercriminal remains undisclosed.
Globe Life has taken the necessary steps by reporting the breach to federal law enforcement authorities. However, the company has not revealed specific details about the investigation or how they plan to address the extortion threat. When asked for additional information, Globe Life spokesperson Jennifer Haworth declined to comment.
As the investigation continues, the incident raises serious concerns about data security, particularly given the extensive number of policies managed by Globe Life and its subsidiaries.
