Insurance giant Globe Life, which provides life and health insurance to millions of Americans, has announced that insurance payments are being extorted by hackers who stole sensitive customer data.
In a regulatory filing Thursday with the U.S. Securities and Exchange Commission, the Texas-based conglomerate is seeking to extort money from companies in exchange for not disclosing data stolen from them. He said he had “recently received a communication” from an unknown attacker. system.
The leaked data, which Globe Life traced back to subsidiary American Income Life Insurance Company, included personally identifiable information such as customer names, addresses, and phone numbers. “In some cases,” the data also includes Social Security numbers, health-related data and other policy information, the company's filing said.
Globelife says it knows about 5,000 people have been affected by the data breach so far, but “the total number of people potentially affected and the full scope of information held by threat actors is unknown.” It acknowledges that the scope has not been fully tested, and suggests that: The number of people affected could be even higher. Globe Life says it has more than 17 million insurance policies, but AIL says it has at least 2 million policyholders as of its latest count.
According to Globe Life's filing, the hacker responsible for the breach “claims to have additional categories of information, but those claims are still under investigation and have not been verified.” The compromised information does not appear to include financial information such as credit cards or banking information, it said.
The cybersecurity incident appears to have been an extortion-only attack, and Globelife said in a statement that the incident did not involve the use of file-encrypting ransomware.
In the case of Globe Life, the organization notes that the attackers shared “information about a limited number of individuals” with short sellers and plaintiffs' attorneys, presumably to force the company to pay extortion demands. There is.
The hackers' demands are not yet clear, but Globe Life spokeswoman Jennifer Howarth declined to answer TechCrunch's questions.
Globe Life said it reported the incident to federal law enforcement.