IMS specializes in providing business process outsourcing (BPO) and information technology (IT) services specifically tailored for the insurance and financial services industries.
Infosys McCamish Systems (IMS)
At the time, the company did not reveal the type of attack it suffered, however, on November 4, the\u00a0LockBit ransomware<\/a>\u00a0gang claimed responsibility for the attack.
\u201cOn the basis of analysis conducted by the cybersecurity firm, McCamish believes that certain data was exfiltrated by unauthorized third parties during the incident and this exfiltrated data included certain customer data. McCamish has engaged a third-party e- discovery vendor in assessing the extent and nature of such data. This review process is ongoing. McCamish may incur additional costs including indemnities or damages\/claims, which are indeterminable at this time.\u201d reads the\u00a0statement<\/a>\u00a0sent to the SEC. \u201cInfosys had previously communicated the occurence of this cybersecurity incident to BSE Limited, National Stock Exchange of India Limited, New York Stock Exchange and to United States Securities and Exchange Commission on November 3, 2023.\u201d<\/em>
In February, Bank of America began notifying<\/strong><\/a> some customers following the IMS data breach. The bank sent notification letters to 57,000 customers, informing them that their personal information has been compromised
Now the company revealed that the 2023 data breach after the LockBit ransomware<\/a> attack impacted 6 million individuals. <\/p>\n\n\n\n
“The sensitive personal data of 6,078,263 people has been compromised<\/strong>. Now, victims’ names, Social Security numbers, financial information, and medical information may be in the hands of criminals, putting victims at a greater risk of identity theft and other frauds.” reads a press release<\/a> published by the company.<\/em>
IMS determined that exposed data includes:<\/p>\n\n\n\n
The company is not aware of any abuses of the exposed data, however, it offered twenty-four months of complimentary credit monitoring to current customers for individuals associated with those customers<\/p>\n\n\n\n
“Although we are unaware of any instances since the Incident occurred in which the personal information has been fraudulently used, IMS is nevertheless offering impacted individuals complimentary credit monitoring for twenty-four (24) months and dedicated call center services as well as providing guidance on how to protect against identity theft and fraud, including advising individuals to report any suspected identity theft or fraud to their financial institutions.” concludes the notification. “IMS is also providing individuals with information on how to place a fraud alert and security freeze on one\u2019s credit file, information on protecting against tax fraud, the contact details for the national credit reporting agencies, information on how to obtain a free credit report, a reminder to remain vigilant for fraud and identity theft by reviewing account statements and monitoring credit reports, and encouragement to contact the Federal Trade Commission, their Attorney General, and law enforcement to report attempted or actual identity theft and fraud.”<\/em><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, Infosys McCamish Systems)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"