First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches

We Keep you Connected

First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches

The private information of more than 28,000 people may have been accessed by unauthorized actors, thanks to a cyber incident at service provider Infosys McCamish — the same third party recently responsible for the Bank of America breach.
March 6, 2024
Fidelity Investments Life Insurance Company (FILI) is notifying nearly 30,000 affected individuals of a third-party data breach that has compromised their information.
According to a notice filed with the state of Maine, third-party service provider Infosys McCamish (IMS) notified Fidelity in November about a "cybersecurity event" that disrupted its services. After an investigation alongside a third-party firm, IMS discovered that its systems were breached between Oct. 29 and Nov. 2. The unauthorized actor also was able to obtain data stored on those systems.
In its notice to 28,268 individuals, Fidelity reports that IMS is unable to determine what sensitive information was accessed in the breach, but based on the information IMS has provided it's likely that it included individual names, Social Security numbers, states of residence, bank account and routing numbers, and dates of birth. 
This is the second time this year alone that a company has had to tell customers that their data was compromised in a third-party breach in connection with IMS. Last month, Bank of America faced a breach after IMS experienced a ransomware attack, compromising the data of over 57,000 customers. The data accessed in that breach was of similar material that was compromised for Fidelity merchants. It's unclear whether the IMS woes tie back to the same cyber incident.
"Third-party security breaches continue to increase in frequency and impact. Enterprises are highly reliant on third-party service providers, who are now often the easiest vector into an enterprises most critical data," Jeff Margolies, chief product and strategy officer Saviynt, said in an emailed statement. "Enterprises need to improve their capabilities to manage and govern their third-party access as part of their identity-security programs."
As Fidelity continues to review its records of affected individuals and engage with IMS regarding the breach, it offers 24 months of credit monitoring through TransUnion Interactive. It said that merchants should personally review their financial statements and credit reports, and report any fraudulent or suspicious activity to authorities. 
Dark Reading Staff
Dark Reading
Dark Reading is a leading cybersecurity media site.
You May Also Like
Assessing Your Critical Applications’ Cyber Defenses
Unleash the Power of Gen AI for Application Development, Securely
The Anatomy of a Ransomware Attack, Revealed
How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
Building a Modern Endpoint Strategy for 2024 and Beyond
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Industrial Networks in the Age of Digitalization
Zero-Trust Adoption Driven by Data Protection
How Enterprises Assess Their Cyber-Risk
The Infoblox Q1 2021 Cyberthreat Intelligence Report
Forrester Report: The Total Economic Impact Of Bizagi’s Low-Code Intelligent Process Automation Platform
The State of Incident Response
Understanding Today’s Threat Actors
Endpoint Best Practices to Block Ransomware
Zero Trust Access For Dummies, 2nd Fortinet Special Edition
The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.

source

TNC

LET US MANAGE YOUR SYSTEM
SO YOU CAN RUN YOUR BUSINESS

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE