2024-10-17 GLOBE LIFE INC. Cybersecurity Incident

Page last updated on January 30, 2025

GLOBE LIFE INC. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-10-17 07:00:16 EDT.

Company Summary

Globe Life provides term life insurance, whole life insurance, final expense insurance, accidental death insurance, mortgage protection insurance, cancer insurance, ICU insurance, hospital insurance, and children’s life insurance.

Incident Details

Material: Unknown
Is Breach: TRUE
Records Compromised: 850,000
Data Types Impacted: Date of Birth, Phone Number, Health insurance information, Health data, Social Security Number, Home address, Email, Name

Compromised Date:
Detected Date:
Disclosure Date: 2024-10-17
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2024-10-17

GLOBE LIFE INC. filed an 8-K at 2024-10-17 07:00:16 EDT
Accession Number: 0000320335-24-000056

Item 8.01 Other Events.

Globe Life Inc. (the “Company”) recently received communications from an unknown threat actor seeking to extort money from the Company in exchange for not disclosing certain information held and used by the Company and its independent agents. After becoming aware of this, the Company immediately activated its incident response plan and, with the assistance of experienced counsel and external cybersecurity experts, launched an investigation. The Company has reported this extortion attempt to and is cooperating with federal law enforcement.

Based on the Company’s investigation to date, which remains ongoing, the Company believes that information relayed to the Company by the threat actor may relate to certain customers and customer leads that can be traced to the Company’s subsidiary, American Income Life Insurance Company. This information includes certain personally identifiable information categories such as names, email addresses, phone numbers, postal addresses, and in some instances Social Security numbers, health-related data, and other policy information for approximately 5,000 individuals; however, the total number of potentially impacted persons or the full scope of information possessed by the threat actor has not been fully verified. This information does not appear to contain personally identifiable financial information such as credit card data or banking information. Most recently, the threat actor also shared information about a limited number of individuals to short sellers and plaintiffs’ attorneys. The threat actor claims to possess additional categories of information, which claims remain under investigation and have not been verified.

To date, the extortion attempts have not involved the use of ransomware or resulted in an interruption to the Company’s systems, services, or business operations. The Company will notify individuals affected by this incident, take steps as needed to protect and remediate the impact for them, and continue to communicate with regulatory authorities. As of the date of this filing, the Company believes this incident has not materially impacted its operations and does not expect this incident is reasonably likely to have a material impact on the Company, including its financial condition or results of operations.

8-K filed on 2025-01-30

GLOBE LIFE INC. filed an 8-K at 2025-01-30 17:30:37 EST
Accession Number: 0000320335-25-000004

Item 8.01 Other Events.

As disclosed on October 17, 2024, Globe Life Inc. (the “Company”) received communications from an unknown threat actor seeking to extort money from the Company in exchange for not disclosing certain information held and used by the Company and its independent agents. The Company is filing this amendment (this “Amendment”) to amend and supplement the Original Form 8-K.

As originally disclosed, pursuant to the Company’s incident response plan and with the assistance of external cybersecurity experts and legal counsel, the Company verified the threat actor had obtained the personally identifiable information of approximately 5,000 individuals. With the assistance of these external advisors, the Company confirmed that data categories, including names, email addresses, phone numbers, postal addresses, and in some instances dates of birth, Social Security numbers, health-related data and other insurance policy information, were obtained and that certain of this data was distributed to short sellers and plaintiffs’ attorneys. The investigation determined the exposure by the threat actor did not include personally identifiable financial information. The Company did not pay the demanded extortion payment and instead notified federal law enforcement and continues to assist law enforcement in the investigation of this activity. The Company has initiated the process to provide notification to, and credit monitoring services for, these individuals.

Based on the Company’s review, the customer information was traced to specific databases maintained by a small number of independent agency owners. The Company was not able to confirm if the threat actor acquired information from these databases at the targeted agencies beyond that relating to the approximately 5,000 individuals. Out of an abundance of caution, the Company has also initiated the process to provide voluntary notifications to, and credit monitoring services for, approximately 850,000 additional individuals whose information was also stored in the relevant databases, even though the Company has not been able to confirm if the threat actor acquired these additional individuals’ data.

The Company has confirmed the extortion attempts did not involve the use of ransomware or result in any interruption to the Company’s systems, services, or business operations. The Company continues to communicate with regulatory authorities and law enforcement. The Company will seek reimbursement of costs, expenses and losses stemming from this matter by submitting claims to its insurers. The timing and amount of any such reimbursements is not known at this time. As of the date of this filing, the Company believes this incident has not materially impacted its operations and does not expect this incident is reasonably likely to have a material impact on the Company, including its financial condition or results of operations.

Company Information