The IMS Hack Is MUCH Worse Than Previously Thought

Infosys McCamish Systems (IMS) has started sending data breach notification letters to over 6 million victims of a ransomware attack that it disclosed in February 2024, far more than the initially reported 57,000 Bank of America customers. I covered that initial report here.

IMS is a multinational corporation that provides business consulting, IT, and outsourcing services to the insurance and financial services industries, for companies such as Bank of America and seven out of the top ten insurers in the country.

In February 2024, IMS informed the public that it had been hit by ransomware in November 2023, resulting in the compromise of the personal data of about 57,000 Bank of America customers.

In a new notification shared with the authorities, IMS now says the total number of people affected is over 6 million.

The compromised data varies by individual but includes the following:

  • Social Security Number
  • Date of birth
  • Medical treatment/record information
  • Biometric data
  • Email address and password
  • Username and password
  • Driver’s License number or state ID number
  • Financial account information
  • Payment card information
  • Passport number
  • Tribal ID number
  • U.S. military ID number

IMS has not disclosed which of its clients were impacted except for Oceanview Life and Annuity Company. The list of impacted data owners may be supplemented as more customers request to be named in the filing.

Evan Dornbush, former NSA cybersecurity expert, has this comment:

“This is another example of attacks becoming more complex and taking longer to determine full impact.

“Also once again, this is an example of customers becoming passive victims in a process where they cannot take any action beyond hoping the breach isn’t so bad. It’s simply maddening. While some of the compromised data can be easily replaced – such as credit card numbers – license and passport identifiers are less easily renewed, and the loss of medical treatment and biometric data is irrevocably damaging to one’s privacy.”

Given the scope of this breach, I am hoping that IMS, Bank of America, and whoever else was involved in this are hauled before the relevant authorities and made to answer questions on this. Because a breach this size that took months to figure out is simply unacceptable.
