Globe Life Inc. has disclosed new details regarding a cybersecurity incident involving an extortion attempt and the unauthorized access of sensitive customer data. The insurance provider confirmed that an unknown threat actor gained access to the personally identifiable information (PII) of approximately 855,000 individuals and attempted to extort the company by threatening to release the data. Despite the demands, Globe Life did not pay the extortion and has engaged law enforcement in the ongoing investigation.
Globe Life, headquartered in McKinney, Texas, is a major provider of life and health insurance, serving millions of customers across the U.S. The company trades on the New York Stock Exchange (NYSE) under the ticker GL and maintains a strong financial presence.
The company initially disclosed the breach on June 14, 2024, in response to the extortion attempt. In an updated SEC filing (Form 8-K/A) dated January 30, 2025, Globe Life provided additional insights into the nature of the breach, confirming that compromised data included names, email addresses, phone numbers, postal addresses, and, in some cases, Social Security numbers, dates of birth, health-related information, and insurance policy details. However, no financial information was accessed, according to the company. Some of this data was subsequently distributed to short sellers and plaintiffs' attorneys, adding a legal and financial dimension to the breach's impact.
The breach was traced to specific databases maintained by a small number of independent agency owners rather than Globe Life's core systems. While the company could not confirm if additional records were exfiltrated, it is taking precautionary measures by offering credit monitoring services to the 850,000 individuals whose data was stored in the affected databases.
Following the discovery of the breach, Globe Life activated its incident response plan, working with external cybersecurity experts and legal counsel to assess the situation. Importantly, the company confirmed that no ransomware was involved and that the attack did not disrupt its business operations or core IT systems.
Despite the breach, Globe Life does not expect a material financial impact and has stated that it will file insurance claims to seek reimbursement for related expenses. However, the timing and amount of potential reimbursements remain uncertain.
The company has promised to notify affected individuals and offer credit monitoring services, but no timeline was provided. Customers of the insurer are recommended to maintain high vigilance against scams and phishing attempts, and report suspicious communications to the authorities.
Mizuno USA Confirms Data Breach Following Ransomware Claim
Leave a Reply