Approximately 28,268 Fidelity Investments Life Insurance customers have likely fallen victim to a significant data breach, as per documents submitted to the Maine attorney general’s office. The breach, attributed to a cybersecurity incident at Infosys in the fall, resulted in criminals gaining unauthorized access to sensitive personal and financial information.
According to Fidelity, the stolen data may include names, Social Security numbers, states of residence, bank account and routing numbers, credit/debit card numbers paired with access codes, passwords, and PINs, as well as dates of birth. This breach potentially exposes affected individuals to various forms of financial fraud and identity theft.
Infosys’ subsidiary, Infosys McCamish Systems (IMS), was targeted in the cyber intrusion. LockBit, the cybercriminal group behind the attack, claimed responsibility shortly after the incident was disclosed by Infosys. The breach led to the temporary shutdown of certain applications and IT systems operated by IMS.
This breach follows a similar incident involving Bank of America (BofA), where approximately 57,028 customers were affected by data theft from Infosys. The compromised data included names, addresses, business email addresses, dates of birth, Social Security numbers, and additional account information.
Law enforcement actions against LockBit’s infrastructure in December aimed to disrupt their operations, but the full extent of the data stolen remains uncertain. The incident occurred between October 20 and November 2, impacting the provision of services to both Fidelity and BofA by Infosys.
Fidelity is actively collaborating with IMS to investigate the breach, implement remedial measures, and ensure the safety of its services. Infosys is yet to disclose specifics regarding the breach, including the methods used by the perpetrators and the exact amount of data compromised.
