850,000 patients impacted in Globe Life breach as firm updates victim list

American insurance company Globe Life recently disclosed a revision in the number of customers potentially affected by a cyber breach last summer. Originally thought to have impacted about 5,000 individuals, the insurer now reports that an additional 855,000 people may have been influenced by the attack.

The breach was first detected when cybercriminals infiltrated customer data through an online portal. Globe Life, a prominent and long-standing insurance provider in the United States, promptly reported the incident to the Securities and Exchange Commission (SEC), citing that the compromised data belonged to the 5,000 individuals. After an internal investigation, the company declared its intention to update the figures as needed.

In October, Globe Life faced further challenges when the cybercriminals initiated an extortion attempt, demanding money to prevent data leaks. As a consequence, the company decided to reveal more details about the breach. The initial 5,000 identified victims were linked to specific databases held by third parties, like independent agency owners, as described by the company. These databases included information from customers of Globe Life’s subsidiary, American Income Life Company. Among these details, the data of an additional 850,000 people were found, although there is no evidence to suggest that this cohort’s data was leaked.

Even though there is no confirmation regarding the exposure of the additional individuals’ information, Globe Life opted to send notifications to them as a precautionary measure. The company has also begun offering credit monitoring services for these potential victims. In a statement to the SEC, Globe Life emphasized its commitment to ensuring the safety and privacy of its customers’ data, highlighting the importance of being proactive in addressing any potential threats.

Despite the breach involving sensitive information like names, contact details, insurance policies, and health data, alongside personal identifiers such as social security numbers and dates of birth, Globe Life affirms that no financial data was compromised. The company is resolute in its decision not to acquiesce to the cybercriminals’ demand for ransom, clarifying that the attack did not disrupt its operations at the time.

Security expert Thomas Richards from Black Duck stressed the gravity of the breach, especially considering the significant number of individuals affected. Richards underscored the importance of prompt notification to the individuals impacted to facilitate the necessary steps for safeguarding their personal information. Although financial data remains untouched, the exposure of health-related information, dates of birth, and social security numbers necessitates decisive action from the affected individuals to shield themselves from potential risks.

Globe Life joins a growing list of insurers facing cyber attacks in recent times, underscoring the need for heightened vigilance in the face of evolving cyber threats. With breaches like the Change Healthcare incident affecting millions of US citizens and the Landmark Admin data breach exposing a large number of users to personal data leaks, the insurance industry faces mounting challenges in safeguarding sensitive customer information in an increasingly digital landscape.