U.S. insurance provider Fidelity Investments Life Insurance had data from 28,268 customers potentially compromised following a LockBit ransomware attack against Infosys' U.S.-based subsidiary Infosys McCamish Systems in November, according to The Register.
No information regarding the breached data was provided by Infosys but attackers may have exfiltrated individuals' names, birthdates, states of residence, Social Security numbers, and bank accounts and routing numbers, as well as credit/debit card numbers and their associated PINs, passwords, and access codes, said Fidelity in a filing with the Maine Attorney General's Office. In breach notification letters sent to impacted clients, Fidelity disclosed that it had been engaging with IMS amid the firm's incident remediation and investigation efforts. Such a development comes nearly a month after Bank of America revealed that data from more than 57,000 of its customers, including their names, home and email addresses, and SSNs, had been exposed as a result of the attack against IMS.
