Infosys McCamish Systems (IMS), a subsidiary of IT giant Infosys, recently disclosed a significant data breach impacting over 6 million individuals.
The attack, attributed to the notorious LockBit ransomware group, targeted sensitive information held by several of IMS’s clients in the insurance and financial services sectors.
LockBit Claims Responsibility
The incident unfolded in November 2023. LockBit, a ransomware gang known for its aggressive tactics, claimed responsibility for the attack and boasted about stealing 50GB of data. Initially, in February 2024, IMS only acknowledged the compromise of roughly 57,000 Bank of America customers’ data. However, a recent notification to US authorities reveals the true scope of the breach, affecting a staggering 6 million people.
What Type of Data Was Breached?
The exact data compromised likely varies depending on the client, but the notification suggests a wide range of sensitive information may have been exposed. This potentially includes:
- Social Security numbers
- Dates of birth
- Medical records
- Biometric data (fingerprints, etc.)
- Email addresses and passwords
- Driver’s licenses
- Financial account details
- Payment card information
- Passport numbers
- Tribal ID numbers
- Military ID numbers
To mitigate the risk from the exposure, the notification letters enclose instructions on how to access a free-of-charge, two-year identity protection and credit monitoring service through Kroll.
