On July 19, 2024, Infosys McCamish Systems, LLC (IMS), a prominent provider of life insurance and retirement services, reported a data breach affecting customers of PHL Variable Insurance Company. The breach, which was officially filed with the Attorney General of California, involved unauthorized access to sensitive portions of IMS’s computer network. The attack, which occurred between October 29, 2023, and November 2, 2023, led to the compromise of sensitive information stored by the company.
The breach was initially detected when IMS noticed that certain segments of their network had been encrypted, signaling a significant cyberattack. In response, IMS acted quickly by notifying law enforcement and engaging third-party cybersecurity experts to conduct a thorough investigation. This inquiry revealed that the unauthorized access was achieved through a sophisticated attack that enabled the hackers to infiltrate and extract confidential files containing data provided by PHL Variable Insurance Company.
The investigation determined that the breach did not expose personal information of the affected individuals but involved administrative documents. Despite this, the incident raised concerns due to the sensitivity of the data and its potential impact. Infosys McCamish has since implemented measures to enhance security and prevent further unauthorized access. The affected customers have been notified through data breach letters, which, while not detailing the specific types of data compromised, are intended to inform them of the breach and provide steps to protect against potential risks.
Infosys McCamish Systems, headquartered in Atlanta, Georgia, is a subsidiary of Infosys Limited, a major player in IT and consulting services based in India. This breach underscores the ongoing challenges faced by companies managing sensitive consumer data and highlights the need for robust cybersecurity measures. As the company continues to address the fallout from this incident, they remain committed to resolving the situation and safeguarding the information of their clients. The broader implications of this breach may prompt further scrutiny of cybersecurity practices across similar organizations.
Reference:
