Financial services holding Globe Life reports potential data breach
Learn More
Globe Life, a financial services holding company based in McKinney, Texas, reported a potential data breach following a breach of one of its web portals. The incident was detected on Thursday, June 13 2024, during a review of potential vulnerabilities related to access permissions and user identity management. Attackers may have accessed consumer and policyholder data.
After discovering the breach, Globe Life removed external access to the compromised portal. Globe Life claims that the issue appears isolated to this portal, with all other systems remaining operational. The company believes that the temporary removal of the affected web portal will not significantly disrupt its operations.
The company activated its incident response plan and engaged external security experts to address any security vulnerabilities and evaluate the full extent of the incident.
No details are disclosed abot the nature of the attack, exposed data or impacted individuals.
Globe Life has stated that the incident has not materially affected the company’s operations and has not been classified as a material cybersecurity incident.
Update - as of 17th of October 2024, Globe Life reports that the hackers demanded payment in exchange for not publishing the stolen information. At least 5,000 customers are exposed, though this may increase as the investigation continues.
Exposed data types (varying per individual):
- Full names
- Email addresses
- Phone numbers
- Postal addresses
- Social Security Numbers
- Health-related data
- Policy information
Update - as of 31st of January 2025 Globe Life reports they have finished the investigation into the data breach and says the incident may have impacted an additional 850,000 customers, on top of the confirmed 5,000.
Tthe company will notify the rest of the potentially impacted customers, and provide credit monitoring services.
The official statement reads: “Out of an abundance of caution, the Company has also initiated the process to provide voluntary notifications to, and credit monitoring services for, approximately 850,000 additional individuals whose information was also stored in the relevant databases, even though the Company has not been able to confirm if the threat actor acquired these additional individuals’ data.”
