
An estimated 850,000 individuals have been affected by a ransomware attack on Globe Life, an insurance company. In 2024, the organization reported a cybersecurity incident after receiving an extortion message from an unknown threat actor, seeking financial payment in exchange for not disclosing data held by the company. The company launched its incident response plan and investigation shortly thereafter.
According to the initial report, the company believed the data in question is associated with customers and customer leads connected to its subsidiary, American Income Life Insurance Company, and may have included:
At the time of the report, the company estimated 5,000 individuals were impacted. However, new reports estimate that the incident affected 850,000 individuals.
Thomas Richards, Principal Consultant, Network and Red Team Practice Director at Black Duck, comments, “The uncertainty regarding the number of individuals affected and data accessed in this breach should be concerning, especially since this is a pretty substantial breach with almost one million policy holders affected. Without having this information, the affected individuals may not have clarity on the best ways to protect themselves and their personal information. Although it is fortunate that no financial information was accessed, financial information is often the easiest to change in this kind of scenario. However, one cannot change their health-related data, date of birth, or social security number so it’s imperative that the affected individuals are notified as soon as possible to begin taking the necessary steps to protect themselves and their data.”