Infosys McCamish Systems Data Breach Affects 6 Million Customers
Infosys McCamish Systems (IMS) has disclosed a significant data breach that occurred in late 2023, affecting over six million customers. The incident, which involved the LockBit ransomware group, compromised sensitive personal information that could be exploited for follow-on phishing and identity fraud attacks.
The unauthorized activity took place between October 29 and November 2, 2023. The stolen data includes Social Security Numbers, dates of birth, medical records, biometric data, email addresses, usernames, passwords, and financial account information. IMS began notifying customers about the breach on June 27, 2024, several months after the incident occurred.
In response to the breach, IMS is offering 24 months of credit monitoring to affected customers. The company has not specified the exact number of customers impacted, but it is known that over 2000 computers were encrypted during the attack. This breach follows a similar incident in November 2023, where customers of American National Insurance Company (ANICO), an IMS client, were also affected by a cyberattack exposing personal information.
The LockBit ransomware group has been identified as the alleged perpetrator of the IMS breach. The compromised information, if misused, could lead to serious consequences for the affected customers. IMS's offer of credit monitoring services is a step towards mitigating potential damages, but customers are advised to remain vigilant and take necessary precautions to protect their personal information.
