Globe Life Notifies 850,000 Individuals of Data Breach
In January, Globe Life Inc., the parent company of American Income Life Insurance Company, disclosed that a data breach initially reported in mid-2024 affected approximately 850,000 individuals — significantly more than the initially estimated 5,000.
The breach, discovered on June 13, 2024, involved unauthorized access to databases maintained by a small number of independent agency owners. Compromised information includes names, Social Security numbers, email addresses, phone numbers, postal addresses, dates of birth, health information, and insurance details. Fortunately, financial data such as credit card numbers were not involved.
Following the breach, the attackers attempted to extort money from Globe Life in exchange for not disclosing the stolen data. The company refused to pay the ransom and instead notified federal law enforcement agencies, cooperating fully with the ongoing investigation. Globe Life has initiated the process of notifying affected individuals and is offering credit monitoring services to help mitigate potential impacts.
“The company has confirmed the extortion attempts did not involve the use of ransomware or result in any interruption to the company’s systems, services, or business operations. The Company continues to communicate with regulatory authorities and law enforcement,” Globe Life said.
Despite the severity of the breach, Globe Life reported that its operations were not disrupted, as the attackers did not employ ransomware to lock or delete system files. The company does not anticipate a material impact on its business and expects that costs related to the incident will be covered by insurance.
“Out of an abundance of caution, the company has also initiated the process to provide voluntary notifications to, and credit monitoring services for, approximately 850,000 additional individuals whose information was also stored in the relevant databases, even though the company has not been able to confirm if the threat actor acquired these additional individuals’ data,” the company said in an SEC filing.
React to this headline: