Insurance giant Globe Life says it’s being extorted by hackers

However it claims there was no ransomware attack

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

American insurance giant Globe Life recently confirmed that cybercriminals tried to extort money in exchange for sensitive data they previously stole.

In mid-June 2024, the company reported a cybersecurity incident in which unknown third parties accessed sensitive customer data through one of its web portals.

It has now submitted a new8-K formwith the U.S. Securities and Exchange Commission (SEC), claiming the crooks accessed sensitive data on at least 5,000 customers - although the final number will probably be bigger, once the investigation concludes.

Not a ransomware attack

So far, the analysis has shown the information was taken from a subsidiary called American Income Life Insurance Company, and includedpersonally identifiable informationcategories such as names, email addresses, phone numbers, postal addresses, and in some instances Social Security numbers, health-related data, and other policy information.

“The threat actor claims to possess additional categories of information, which claims remain under investigation and have not been verified,” the company said in the form, adding credit card and banking information was safe.

The data was not taken as part of a traditionalransomwareattack. Globe Life’s systems were notencrypted, and the break-in did not result in the disruption of any services or operations. However, the crooks still tried to trade the data for money:

“Globe Life recently received communications from an unknown threat actor seeking to extort money from the Company in exchange for not disclosing certain information held and used by the Company and its independent agents,” the 8-K form further reads.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

It was left unclear if the company paid the demand or not, but it’s most likely that it did not. Instead, Globe Life brought in third-party cybersecurity experts and notified law enforcement.

Affected customers “will notify individuals affected by this incident,” and take steps to protect and remediate the impact for them, it said.

There is currently no evidence that the data was misused.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Sonos Arc Ultra review: the best one-box Dolby Atmos soundbar for the price, with one grating flaw