Infosys McCamish Systems, LLC (IMS) is notifying individuals of a data security incident that impacted some personal information related to Principal Life Insurance Company’s Group Universal Life Insurance certificates. The incident, which involved ransomware encryption on certain IMS systems, did not affect Principal’s internal systems. The incident was contained in November 2023, and there has been no evidence of fraudulent use of the compromised information since the breach. However, IMS is providing precautionary information to affected individuals.
On November 2, 2023, IMS detected unusual activity and launched an investigation with third-party cybersecurity experts. The investigation revealed that unauthorized access had occurred between October 29 and November 2, 2023. Law enforcement was promptly notified, and containment efforts began immediately to stop further unauthorized access. IMS also hired forensic specialists to assist in analyzing the scope of the breach and ensure no further risks remained.
The forensic investigation confirmed that data had been subject to unauthorized access, but it was determined that Principal’s own systems were not affected. In response, IMS conducted a thorough review of the compromised data to identify the impacted personal information. This review helped determine that some individuals’ personal information had been accessed or acquired during the breach.
Although no instances of identity fraud or misuse have been reported as a result of the incident, IMS is advising affected individuals on steps they can take to protect their information. They have provided detailed guidance on how to monitor personal data for any suspicious activity and take necessary actions to prevent identity theft.