When affiliates of the LockBit ransomware attacked Infosys McCamish Systems (IMS) in late 2023, they did not steal sensitive information belonging to around 57,000 people, as initially thought.
Instead, threat actors stole valuable information on more than six million people, according to a new report that IMS shared with US authorities.
“With the assistance of external eDiscovery experts, retained through outside counsel, IMS proceeded to conduct a thorough and time-consuming review of the data in question to identify personal information subject to unauthorized access and acquisition and determine to whom personal information belongs. is related,” the company said in its notice. “IMS has notified its affected organizations of the Incident and of the compromise of any personal information belonging to them.”
Identity theft galore
The type of information stolen from individuals varies from individual to individual, but in general, threat actors stole Social Security numbers (SSNs), birth dates, medical information, biometric data, email addresses, passwords, driver's license numbers, state identification numbers, financial account information, payment card information, passport numbers, tribal identification numbers, and U.S. military identification numbers.
More than enough information to mount devastating phishing or identity theft attacks.
To combat the threat, IMS provided affected individuals with free identity protection and credit monitoring services through Kroll for a period of two years.
In November 2023, Bank of America filed a data breach report with the Maine Attorney General’s Office, saying that the incident originated from a subsidiary of Infosys. The report, filed on behalf of Bank of America by outside counsel, stated that Infosys McCamish Systems (IMS), part of the Indian technology services giant, is an outside counsel to Bank of America.
The total number of people affected by the incident, which occurred on October 29, 2023 and was discovered a day later, was said to be approximately 57,000, with hackers stealing names (or other personal identifiers) and social security numbers. (SSN). The incident was described as “external system breach.”
IMS did not say which companies were affected by the incident other than Oceanview Life and Annuity Company.
Through Computer beeping
