Texas-based insurance company Globe Life is investigating a data breach impacting the information of consumers and policyholders.
The life and supplemental health insurance provider disclosed the data breach last week in a filing with the SEC.
Globe Life said it launched an investigation into “potential vulnerabilities related to access permissions and user identity management for a Company web portal” after an inquiry from a state insurance regulator.
The probe showed that the vulnerabilities likely allowed unauthorized access to consumer and policyholder information. It’s unclear what type of data may have been compromised.
“Immediately upon notification of these circumstances, the Company removed external access to the portal. At this time, the Company believes the issue is specific to this portal, and all other systems remain operational. The Company’s operations will not be significantly impacted by the removal of external web access to the portal in question,” Globe Life said.
The insurance giant noted that it has hired outside experts to assist with the investigation. While its full scope is still being determined, the cybersecurity incident has not had a material impact up to this point.
According to its website, Globe Life companies have more than 17 million policies and $227 billion of coverage in force.
It’s unclear if Globe Life was targeted in a ransomware attack, which would not be surprising considering that the insurance sector is often targeted by cybercriminals.
SecurityWeek has reached out to Globe Life for additional information and will update this article if the company responds.
Related: Fidelity Investments Life Insurance Company Notifying 28,000 People of Data Breach
Related: Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations
Related: CISO Conversations: Jason Rebholz and Jason Ozin From the Insurance Sector
