Globe Life reported to the Securities and Exchange Commission (SEC) that a breach of a company web portal resulted in the unauthorized access to consumer and policyholder information.
In a June 14 filing to the SEC, the company said it made the determination following an inquiry from a state insurance regulator around potential vulnerabilities related to access permissions and user identity management for the web portal. Once it understood the situation, Globe Life said it removed external access to the portal.
As of late last week, Globe Life said it believes the incident is special to the specific web portal in question and that all other company systems remained operational. While still under investigation, Globe Life said in the filing that the incident did not have a material impact on the organization.
“The company’s operations will not be significantly impacted by the removal of external web access to the portal in question,” the filing said. “The company has activated its incident response plan and retained leading security experts to investigate and assist in the remediation of any potential issue.”
Anne Cutler, cybersecurity evangelist at Keeper Security, said while taking affected systems offline remains a critical first step to containing any breach, it’s not an all-encompassing solution, and Globe Life will need to continue its remediation efforts to address the full scope of the breach’s impact.
“Without detailed information on the nature of the breach, it’s challenging to determine whether other systems or data were accessed,” said Cutler. “Nevertheless, unauthorized access through one entry point can lead to lateral movement and further compromise within the network. Globe Life must conduct thorough analysis of its systems to rule out any lateral movement and implement comprehensive network monitoring to understand the full extent of the breach.”
John Bambenek, president at Bambenek Consulting, added that based on the disclosure, it’s possible an external entity was concerned about the security of Globe Life’s portal.
“The investigation will determine if, and what, confidential information was accessed,” said Bambenek. “However, this incident demonstrates that organizations are still struggling to find their own vulnerabilities before an outsider does.”
