Insurance giant Globe Life facing extortion attempts after data theft from subsidiary

Insurance firm Globe Life is being extorted by hackers after data on more than 5,000 people was stolen from a subsidiary.

The company told regulators at the U.S. Securities and Exchange Commission (SEC) that it reported the incident to federal law enforcement. 

“Based on the Company’s investigation to date, which remains ongoing, the Company believes that information relayed to the Company by the threat actor may relate to certain customers and customer leads that can be traced to the Company’s subsidiary, American Income Life Insurance Company,” the company explained in the filing. Globe Life declined to comment for this article.

The stolen information includes Social Security numbers, names, addresses, health-related data and more. Globe Life warned that the “full scope of information possessed by the threat actor has not been fully verified.” 

“Most recently, the threat actor also shared information about a limited number of individuals to short sellers and plaintiffs’ attorneys,” the filing adds. “The threat actor claims to possess additional categories of information, which claims remain under investigation and have not been verified.” 

The Texas-based insurance giant said the extortion attempts did not involve ransomware or any cyberattack that disrupted company operations. 

In June, the company told the SEC about an inquiry from a state insurance regulator about “potential vulnerabilities related to access permissions and user identity management for a Company web portal that likely resulted in unauthorized access to certain consumer and policyholder information.” 

The company hired cybersecurity experts to investigate the situation and remediate the incident. 

Globe Life reported $5.21 billion in revenue last year and American Income Life Insurance Company is one of its premiere brands — with more than 4 million policies in force and about $297 million in annualized life premium sales.