McKinney, Texas-based insurance giant Globe Life Inc. is investigating a data breach that may have exposed the personal information of its consumers and policyholders. Globe Life is a holding company that offers life and supplemental health insurance to the middle-income market through various channels.
The company disclosed the incident in a filing with the U.S. Securities and Exchange Commission (SEC) last week, noting that it was contacted by a state insurance regulator regarding the breach.
According to the filing, on June 13, 2024, Globe Life Inc. discovered potential vulnerabilities in its web portal, potentially allowing unauthorized access to consumer and policyholder information. The company removed external access to the portal, believing the issue is specific to this portal and will not significantly impact its operations.
Preliminary investigation revealed potential vulnerabilities related to access permissions and user identity management for a company web portal. These vulnerabilities are suspected to have allowed unauthorized access to consumer and policyholder information.
The company has activated its incident response plan and hired security experts to investigate and remediate potential issues. The full scope, nature, and impact of the incident are not yet known, but as of the report, it has not had a material impact on the company’s operations and the company has not determined whether this is a material cybersecurity incident required to be reported under Item 1.05 of Form 8-K, noted Globe Life Associated Counsel and Corporate Secretary Christopher Moore in the filing.
Moreover, the type of data compromised and the number of affected individuals remain unknown at this time. Globe Life has not commented on the specifics of the breach or whether a ransomware attack targeted them, a tactic increasingly used against insurance companies.
Globe Life has not yet announced if they will contact affected individuals directly. As the investigation continues, the firm must provide timely updates on the breach and future protection measures.
Globe Life faced challenges in 2024 due to reports accusing its subsidiary American Income Life (AIL) brokers of insurance fraud, including writing policies for dead and fictitious people. Research firm Fuzzy Panda uncovered a whistleblower and interviewed former executives, claiming that Globe Life and AIL executives engaged in a $65 million bribery and kickback scheme. Fuzzy Panda claimed a former executive sent over 200 emails to inform about fraud to senior execs.
Experts Comments
Jason Soroko, Senior Vice President of Product at Sectigo said that ”The details currently available are insufficient to determine whether there is more to know about further movements by the attacker. Lateral movements would require access to the underlying system and it is unclear whether the vulnerability allowed this.”
John Bambenek, President at Bambenek Consulting highlighted the threat of vulnerabilities that go unnoticed until exploited by malicious elements. ”Based on the disclosure, it seems an external entity was concerned about the security of their portal,” said John. ”The investigation will determine if, and what, confidential information was accessed. However, this incident demonstrates that organizations are still struggling to find their own vulnerabilities before an outsider does,” he added.
RELATED TOPICS
- 13GB Data of Automobile Insurance Giant AA Exposed Online
- Data Breach Affects 66K in SIM-Swapping on US Insurance Giants
- US Auto Insurance Price Comparison Site RateForce Leaks PII Data
- Hackers steal sensitive client data in Israeli insurance firm data breach
- Multiple US Healthcare Insurance Database (655,000 Patients) for sale