Back in June of 2024, the insurance company Globe Life suffered a data breach that allegedly accessed policyholder data. The company initiated an investigation that revealed some information back in October of last year which claimed that at least 5,000 people were potentially affected.
However, its has since finished its investigation, and the number of impacted customers is significantly higher. As reported by BleepingComputer, Globe Life is now saying that an additional 850,000 people may be affected by the June breach.
"Immediately upon notification of these circumstances, the Company removed external access to the portal," Associate Counsel and Corporate Secretary at Globe Life Christopher Moore wrote in a filing with the U.S. Securities and Exchange Commission (SEC) in June.
The October release revealed that a small-scale breach was discovered in a subsidiary company, American Income Life Insurance Company. At the time, it was reported that at least 5,000 customers of that subsidiary were affected. Though it was noted then that the number might grow.
In a new filing with the SEC, a still unknown threat actor was able to access customer information in "specific databases maintained by a small number of independent agency owners." The filing says that Globe Life could not confirm if more information was stolen than the initial 5,000 people already affected, but that it is exercising caution and providing credit monitoring services to every potentially impacted policyholder whose information was stored in those databases.
The threat actor may have been able to access a wide spread of sensitive information including:
- Full names
- Email addresses
- Phone numbers
- Postal Addresses
- Dates of Birth
- Social Security Numbers
- Health data
- Insurance policy information
According to the filing, the unknown attacker attempted to extort Globe Life, but the company declined to pay the ransom. The company asserts that the breach did not involve data encryption or its IT systems.
How to stay safe after a data breach
Globe Life is offering credit monitoring services but if their offering isn't up to par, you might also want to consider signing up for one of the best identity theft protection services to keep a closer eye on your personal data and digital life. It was not stated how long that offer would last.
If you're a customer of Globe Life or one of its subsidiary agencies, you will want to pay attention to your inbox and accounts going forward. Sensitive information can be sold to bad actors who create convincing phishing emails to try and gain access to your other accounts or they might even create profiles using your personal information elsewhere.
Basically, be cautious with any communications — email, text, social media — for the time being. Also keep a close eye out for links or attachments that you didn't request and whatever you do, don't click on the links or download any attachments sent from unknown senders to your devices.
Outside of identity protection you'll also want to make sure you have the best antivirus software installed on your PC, the best Mac antivirus software installed on your Apple computer and one of the best Android antivirus apps on your phone if you don’t use an iPhone. Potential phishing emails and messages could contain malware as well as other threats and a good antivirus will help keep you safe.
In the meantime, Globe Life seems to believe that the hack will not affect its operations, but you'll also want to change any passwords you have associated with accounts via the insurance giant.
More from Tom's Guide
- Billions of Chrome users at risk from new browser-hijacking Syncjacking attack
- Thousands of WordPress sites hijacked to spread Windows and Mac malware
- Is DeepSeek a national security threat? I asked ChatGPT, Gemini, Perplexity and DeepSeek itself
