Hackers are extorting Globe Life with stolen customer data

Insurance giant Globe Life, which offers life and health insurance policies to millions of Americans, says it is being extorted by a hacker who stole confidential customer data.

In a regulatory filing with the U.S. Securities and Exchange Commission on Thursday, the Texas-based conglomerate said it has “recently received communications” from an unknown threat actor who is trying to extort money from the company in exchange for not disclosing stolen data. of your systems.

The compromised data, which Globe Life traced to its subsidiary American Income Life Insurance Company, includes personally identifiable information such as customer names, postal addresses and telephone numbers. In “some cases,” the data also includes Social Security numbers, health-related data and other policy information, according to the company document.

Globe Life claims that approximately 5,000 individuals have been affected by the data breach to date, but admits that “the total number of people potentially affected or the full scope of information possessed by the threat actor has not been fully verified,” suggesting that the number of affected individuals will likely be much higher. Globe Life claims to have more than 17 million policies in force, while AIL has at least two million policyholders in its latest public count.

According to the Globe Life document, the hacker responsible for the breach “claims to have additional categories of information, which remain under investigation and have not been verified,” but states that the compromised information does not appear to contain financial information, such as credit card information. data or banking information.

The cybersecurity incident appears to be an extortion-only attack, with Globe Life saying the incident did not involve the use of file-encrypting ransomware.

In the case of Globe Life, the organization notes that the threat actor also shared “information about a limited number of individuals with short sellers and plaintiffs’ attorneys,” likely in an attempt to pressure the company into paying his extortion demands.

The hackers’ demands are not yet known, and Globe Life spokeswoman Jennifer Haworth declined to respond to TechCrunch’s questions.

Globe Life says it reported the incident to federal authorities.