Troubled US insurance giant hit by extortion after data leak

US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data.

In a report to the US Securities and Exchange Commission published today, Globe Life said it was recently contacted by an unknown threat actor asking for money in exchange for not publishing "certain information held and used by the Company and its independent agents." The insurer said it doesn't expect the extortion attempt to have any impact on its business and systems, which reportedly involves data belonging to, as far as the company can tell at this point, around 5,000 customers. 

Affected individuals, whom Globe Life claims are all customers of its subsidiary American Income Life Insurance Company (AIL), have had data including their names, email addresses, phone numbers, addresses, social security numbers, and health data stolen - but no financial information. 

It's not immediately clear how the data was obtained, but Globe Life's own statement suggests a source. In its SEC filing, they note that "the extortion attempts have not involved the use of ransomware or resulted in an interruption to the Company's systems, services, or business operations." 

That sounds suspiciously akin to what Globe Life reported a few months ago.

"Following an inquiry from a state insurance regulator, Globe Life initiated a review of potential vulnerabilities related to access permissions and user identity management for a Company web portal," Globe Life told the SEC in June. 

The misconfigured portal "likely resulted in unauthorized access to certain consumer and policyholder information," the company added, with the caveat that it had no idea what was stolen at that point. 

We reached out to Globe Life to determine whether today's report was tied to the portal misconfiguration, but the company declined to comment. 

Fuel for shortsellers

Globe Life's finances took a tumble in April after short sellers published a report alleging widespread fraud at the company, as well as "a culture of sexual harassment" that has enabled rape of female employees, drug use, demand for quid-pro-quo arrangements, and the like.

Not all of that is new news - Globe Life, through AIL, has been accused by former employees of tolerating pervasive harassment and abuse of the kind named in the short seller report. Those claims have since been substantiated by the US Equal Employment Opportunity Commission.

What is fresh is the fact that the unknown threat actor behind the extortion attempt influenced the short sellers, too. 

"The threat actor also shared information about a limited number of individuals to short sellers and plaintiffs' attorneys," Globe Life said in today's SEC filing. "The threat actor claims to possess additional categories of information, which claims remain under investigation and have not been verified."

That claim could serve Globe Life well in court, where it's currently being sued by shareholders who allege the company's lies, as reported by the short sellers, caused artificial inflation of shares and losses after share prices dropped. 

Globe Life is down by around 11 percent year to date, and has yet to recover from the April selloff. ®