US insurance giant Globe Life recently confirmed that cybercriminals were trying to extort money in exchange for sensitive data they had previously stolen.
In mid-June 2024, the company reported a cybersecurity incident in which unknown third parties gained access to sensitive customer data through one of its web portals.
A new one has now been submitted 8-K form with the US Securities and Exchange Commission (SEC) claiming that the crooks gained access to sensitive data on at least 5,000 customers – although the final number is likely to be higher once the investigation is complete.
No ransomware attack
So far, the analysis has shown that the information came from a subsidiary called American Income Life Insurance Company, and that it included personally identifiable categories of information such as names, email addresses, telephone numbers, mailing addresses and in some cases Social Security numbers, health information. related data and other policy information.
“The threat actor claims to have additional categories of information, which claims are still under investigation and have not been verified,” the company said in the form, adding credit card and banking information was safe.
The data was not captured as part of a traditional ransomware attack. Globe Life’s systems were not encrypted and the intrusion did not result in the disruption of services or operations. However, the crooks still tried to exchange the data for money:
“Globe Life recently received communications from an unknown threat actor seeking to extort funds from the Company in exchange for not disclosing certain information held and used by the Company and its independent agents,” the 8-K form further reads .
It remained unclear whether or not the company paid the demand, but it is very likely that this is not the case. Instead, Globe Life brought in outside cybersecurity experts and notified law enforcement.
Affected customers “will notify individuals affected by this incident” and take steps to protect and recover from the impact for them, the report said.
There are currently no indications that the data has been misused.
Via BleepingComputer