Major U.S. life insurance provider Globe Life has confirmed being coerced to pay for data belonging to over 5,000 individuals exfiltrated from its subsidiary American Income Life Insurance Company, reports The Record, a news site by cybersecurity firm Recorded Future.
Information compromised as a result of the incident included individuals' names, addresses, Social Security numbers, and health-related details, among others although a probe into the total extent of stolen data continues, said Globe Life in a filing with the Securities and Exchange Commission. "Most recently, the threat actor also shared information about a limited number of individuals to short sellers and plaintiffs' attorneys. The threat actor claims to possess additional categories of information, which claims remain under investigation and have not been verified," said Globe Life, which emphasized that it had not been impacted by ransomware or disruptive cyberattacks. Such a development comes months after Globe Life disclosed to the SEC corporate web portal compromise stemming from access permission and user identity management flaws.
