850,000 patients may have been affected in the Globe Life breach after firm revises victim list

American insurance firm Globe Life has warned that another 855,000 people were potentially impacted by a cyber attack last summer — not the original 5,000 initially reported.

Last summer, Globe Life spotted that cyber criminals had accessed customer data, reportedly via an online portal.

The insurance company — one of the biggest and oldest in the US — filed a report with the SEC on the attack, saying that details had been accessed on 5,000 individuals, but promised to update that figure after an internal investigation.

In October, Globe Life revealed that cyber criminals had contacted the insurer attempting to extort money in exchange for not leaking data.

Now, Globe Life has revealed further details of the attack, saying the initial 5,000 confirmed victims were traced to a set of specific databases maintained by third parties, or as the company put it: "a small number of independent agency owners."

The details taken were from customers of Globe Life subsidiary American Income Life Company. Those databases also included details on the additional 850,000 people, and while there's no evidence their information was leaked, the company is writing to potential victims as a precaution.

"Out of an abundance of caution, the company has also initiated the process to provide voluntary notifications to, and credit monitoring services for, approximately 850,000 additional individuals whose information was also stored in the relevant databases, even though the company has not been able to confirm if the threat actor acquired these additional individuals’ data," the company said in an SEC filing.

Globe Life insists no ransom was paid

Globe Life added that it didn't pay the ransom, and stressed the extortion attempt didn't use ransomware or impact business operations at the time.

According to the most recent filing, the data accessed includes names, email addresses, phone numbers, and addresses, as well as insurance policy information, health data, social security numbers, and date of birth, but no financial information.

Thomas Richards, principal consultant at security firm Black Duck, said the incident will still be a cause for serious concern among customers.

“The uncertainty regarding the number of individuals affected and data accessed in this breach should be concerning, especially since this is a pretty substantial breach with almost one million policyholders affected,” he said.

"Without having this information, the affected individuals may not have clarity on the best ways to protect themselves and their personal information.

“Although it is fortunate that no financial information was accessed, financial information is often the easiest to change in this kind of scenario," Richards noted.

"However, one cannot change their health-related data, date of birth, or social security number so it’s imperative that the affected individuals are notified as soon as possible to begin taking the necessary steps to protect themselves and their data."

Globe Life was one of several high-profile insurers hit by cyber criminals last year, with a spate of attacks targeting organizations operating in the industry.

The Change Healthcare cyber attack, for example, impacted around 190 million US citizens, with parent company UnitedHealth having recently revised its numbers following an investigation.

Elsewhere, a data breach at Landmark Admin saw 800,000 users exposed. A filing with the Attorney General of Maine revealed the breach exposed a broad range of personal data, including full names and addresses, social security numbers, tax ID numbers, and drivers’ license numbers.