Ransomware

Globe Life Discloses Breach After Facing Legal Scrutiny

The insurance holdings giant also wholly owns several other insurance providers.

by Alan J June 14th, 2024

Share on LinkedInShare on Twitter

Globe Life disclosed a recent cybersecurity incident that may have resulted in unauthorized access to its consumer and policyholder information.

Globe Life is a Texas-based insurance holding company. It offers life, health, and worksite insurance products and services to consumers nationwide through its subsidiaries. The company has over 3,600 employees and also owns several insurance providers like Liberty National, United American and Family Heritage Life.

The company had also been accused of shady financial tactics and business operations by short sellers Fuzzy Panda Research and Viceroy Research, allegations the company has denied.

Globe Life Breach Discovery and Containment

According to Globe Life’s filing with the SEC, the company had conducted a security review on one of its web portals to discover potential vulnerabilities that may have affected its access permissions and user identity management. The investigation was prompted by a legal inquiry from a state insurance regulator on June 13, 2024.

The review revealed that an unauthorized party may have accessed the company’s web portal, compromising sensitive customer and policyholder data. The company stated that it had immediately revoked external access to the affected portal upon breach discovery.

Globe Life said that at this stage, it believes the security issue is isolated to the one web portal. All other company systems remain fully operational. Globe Life added that it expected minimal impact to its business operations after the take down of the affected web portal. The company has activated its cybersecurity incident response plan and engaged external forensics experts to investigate the breach’s scope.

In its SEC filing, Globe Life disclosed that the investigation remains ongoing. The full impact and nature of the incident are unclear at the moment.

Incident Comes After Scrutiny Over Business Tactics

The company said it has yet to determine if the breach qualifies as a reportable cybersecurity incident under the SEC’s disclosure rules. The disclosure comes amidst increasing scrutiny and financial setbacks suffered by the company. The Texas-based insurer has faced allegations of fraudulent sales tactics and other business and workplace improprieties.

The short sellers Fuzzy Panda Research and Viceroy Research had made these allegations public in April 2024. While the company has continued to deny these claims, its share price has dropped by 24% since the publication of the Fuzzy Panda report.

The reports claimed that Globe Life and its biggest subsidiary, American Income Life (AIL), had engaged in insurance fraud, framing of policies for dead and fictitious individuals, withdrawal of consumer funds without approval, unfair dismissal, misleading sales tactics and illegal kickbacks. They also alleged that some of AIL’s most profitable agents had faced accusations of kidnapping, assault and child grooming from defendants, witnesses and plaintiffs.

It remains unclear if the state insurance regulator contact that led to the breach discovery is related to these allegations. Insurers like Globe Life are regulated at the state level rather than federal level.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button