Over 30,000 individuals have been left vulnerable after a third-party data breach involving Fidelity Investments Life Insurance Company (FILI).
The breach, orchestrated through Infosys McCamish (IMS), a third-party service provider, has raised serious concerns about the security measures to protect sensitive customer information.
A Breach of Trust and Data
Fidelity Investments, a cornerstone in the financial services sector, found itself precarious when IMS notified them in November of a “cybersecurity event” that had severely disrupted its services.
Document
Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers
Malware analysis can be fast and simple. Just let us show you the way to:
-
Interact with malware safely
-
Set up virtual machine in Linux and all Windows OS versions
-
Work in a team
-
Get detailed reports with maximum data
An investigation conducted with a third-party firm’s assistance revealed that IMS’s systems were compromised between October 29 and November 2.
The breach allowed unauthorized access to critical data, including names, Social Security numbers, states of residence, and even bank account details.
Jeff Margolies, chief product and strategy officer at Saviynt, emphasized the growing threat of third-party breaches, stating, “Enterprises are highly reliant on third-party service providers, who are now often the easiest vector into an enterprise’s most critical data.”
The breach has resulted in the exposure of personal information belonging to approximately 30,000 individuals.
According to the Maine.gov submission, the affected individual’s personal information has been compromised.
Fidelity’s Proactive Measures
Fidelity has taken several steps to mitigate the impact on affected individuals in response to the breach.
The company is reviewing its records to identify all impacted parties and is working closely with IMS to address the breach’s ramifications.
Additionally, Fidelity offers affected customers 24 months of free credit monitoring through TransUnion Interactive and advises them to review their financial statements and credit reports vigilantly for any suspicious activity.
Data Breach Notifications
The breach has prompted a formal notification process, with Fidelity Investments Life Insurance & Empire Fidelity Investments Life Insurance, based in Smithfield, United States, disclosing the breach’s details.
Brian Leary, Chief Compliance Officer, has been at the forefront of this communication, emphasizing the company’s commitment to transparency and rectification.
Entity Information Details Type of OrganizationFinancial ServicesEntity NameFidelity Investments Life Insurance & Empire Fidelity Investments Life InsuranceAddress900 Salem Street, Smithfield, United StatesTotal Number of Persons Affected28,268Total Number of Maine Residents Affected162Breach Occurrence Dates10/29/2023 – 11/02/2023Breach Discovery Date02/13/2024Description of the BreachExternal system breach (hacking) due to third-party software vulnerability at Infosys McCamish Systems LLC
As Fidelity Investments navigates through the aftermath of this breach, the incident serves as a stark reminder of thevulnerabilitiesinherent in relying on third-party service providers.
It highlights the critical need for stringent cybersecurity measures and proactive monitoring to safeguard against such breaches in the future and ensure the protection of individuals’ sensitive information.
