HQ/EMEAFind out how we can help your business
Globe Life, a US-based life and insurance plan-providing company, stated that unidentified threat actors have tried to extort them after stealing data during a breach earlier this year.
The hackers tried to leverage the stolen information and threatened the company by stating they would expose the data if it did not comply with their demands. According to reports, the company uncovered this data breach incident in June after learning it suffered a compromise while analysing potential flaws in its web portal’s access permissions and user identity management.
The discovery has prompted the company to warn its customers and policyholders that the hackers could have accessed their data after breaching one of its web portals. The hack did not impact the firm’s operation, but it still caused concern among affected individuals due to the stolen data.
Globe Life disclosed that the perpetrators of the attack had blackmailed them.
Globe Life further claims that the cybercriminals behind the attack sought to blackmail the company by demanding a ransom for not leaking the stolen information. The alleged data samples acquired from the threat actor appear related to one of the company’s subsidiaries.
Globe Life Inc. explained in its recent SEC filing that it recently received messages from an unknown threat actor trying to extort money from the company in exchange for not exposing specific information stored and used by the company and its independent agents.
Furthermore, the company suspects that information provided by the threat actor may relate to specific customers and customer leads within its subsidiary. Hence, cybercriminals may acquire complete names, email addresses, phone numbers, postal addresses, Social Security numbers, health-related data, and policy information.
Global Life has also confirmed that the threat actors’ extortion attempts did not include ransomware. Therefore, there was no data encryption or file lock on the company’s computers.
The company believes that the incident will not significantly affect its business operations and does not anticipate that it will harm any finances as long as the affected individuals are cautious with unsolicited communications, especially related to their insurance policies.
