Infosys McCamish Systems, LLC (IMS) has informed affected individuals about a data security incident involving their personal information. The incident occurred when certain IMS systems were encrypted by ransomware on November 2, 2023. Although there has been no evidence of fraudulent use of the compromised data, IMS is providing details about the incident and steps individuals can take to protect their personal information.
Upon discovering the ransomware attack, IMS immediately launched an investigation with the help of third-party cybersecurity experts retained through outside counsel. The investigation aimed to determine the nature and scope of the unauthorized activity, contain the incident, and ensure no ongoing threats. Law enforcement was also notified promptly. The forensic investigation revealed that unauthorized access occurred between October 29, 2023, and November 2, 2023, leading to the acquisition of personal data.
The investigation, completed with the assistance of third-party eDiscovery experts, involved a thorough review of the compromised data to identify the personal information affected and determine the individuals impacted. By May 28, 2024, IMS concluded that some personal information had been subject to unauthorized access and acquisition. The company has since contained and remediated the incident, taking steps to prevent similar events in the future.
IMS is offering affected individuals 24 months of complimentary identity monitoring services through Kroll to help protect against potential misuse of their information. They encourage vigilance against identity theft and fraud by monitoring financial statements and credit reports for any anomalies. IMS also advises reviewing additional steps to protect personal information and being cautious of schemes where malicious actors may reference this incident.
Reference:
