Over 30,000 individuals have been left vulnerable after a third-party data breach involving Fidelity Investments Life Insurance Company (FILI).
The breach, orchestrated through Infosys McCamish (IMS), a third-party service provider, has raised serious concerns about the security measures to protect sensitive customer information.
A Breach of Trust and Data
Fidelity Investments, a cornerstone in the financial services sector, found itself precarious when IMS notified them in November of a “cybersecurity event” that had severely disrupted its services.
Malware analysis can be fast and simple. Just let us show you the way to:
- Interact with malware safely
- Set up virtual machine in Linux and all Windows OS versions
- Work in a team
- Get detailed reports with maximum data
If you want to test all these features now with completely free access to the sandbox: ..
An investigation conducted with a third-party firm’s assistance revealed that IMS’s systems were compromised between October 29 and November 2.
The breach allowed unauthorized access to critical data, including names, Social Security numbers, states of residence, and even bank account details.
Jeff Margolies, chief product and strategy officer at Saviynt, emphasized the growing threat of third-party breaches, stating, “Enterprises are highly reliant on third-party service providers, who are now often the easiest vector into an enterprise’s most critical data.”
The breach has resulted in the exposure of personal information belonging to approximately 30,000 individuals.
According to the Maine.gov submission, the affected individual’s personal information has been compromised.
Fidelity’s Proactive Measures
Fidelity has taken several steps to mitigate the impact on affected individuals in response to the breach.
The company is reviewing its records to identify all impacted parties and is working closely with IMS to address the breach’s ramifications.
Additionally, Fidelity offers affected customers 24 months of free credit monitoring through TransUnion Interactive and advises them to review their financial statements and credit reports vigilantly for any suspicious activity.
Data Breach Notifications
The breach has prompted a formal notification process, with Fidelity Investments Life Insurance & Empire Fidelity Investments Life Insurance, based in Smithfield, United States, disclosing the breach’s details.
Brian Leary, Chief Compliance Officer, has been at the forefront of this communication, emphasizing the company’s commitment to transparency and rectification.
| Entity Information | Details |
| Type of Organization | Financial Services |
| Entity Name | Fidelity Investments Life Insurance & Empire Fidelity Investments Life Insurance |
| Address | 900 Salem Street, Smithfield, United States |
| Total Number of Persons Affected | 28,268 |
| Total Number of Maine Residents Affected | 162 |
| Breach Occurrence Dates | 10/29/2023 – 11/02/2023 |
| Breach Discovery Date | 02/13/2024 |
| Description of the Breach | External system breach (hacking) due to third-party software vulnerability at Infosys McCamish Systems LLC |
As Fidelity Investments navigates through the aftermath of this breach, the incident serves as a stark reminder of the vulnerabilities inherent in relying on third-party service providers.
It highlights the critical need for stringent cybersecurity measures and proactive monitoring to safeguard against such breaches in the future and ensure the protection of individuals’ sensitive information.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.