Fidelity Investments Life Insurance Company (FILI) is notifying nearly 30,000 affected individuals of a third-party data breach that compromised their information.
According to a notice filed with the state of Maine, third-party service provider Infosys McCamish (IMS) notified Fidelity in November of a “cybersecurity event” that disrupted its services. After an investigation conducted together with a third-party company, IMS discovered that its systems had been breached between October 29 and November 2. The unauthorized perpetrator was also able to obtain data stored on those systems.
In his notice to 28,268 peopleFidelity reports that IMS cannot determine what sensitive information was accessed during the breach, but based on information provided by IMS it is likely that it included individual names, Social Security numbers, states of residence, bank accounts , routing numbers and dates of birth.
This is the second time this year alone that a company has had to tell customers that their data has been compromised in one way or another third party infringement in relation to the IMS. Last month, Bank of America faced a breach after IMS suffered a ransomware attack, compromising the data of more than 57,000 customers. The data accessed in that breach involved similar material that was compromised for Fidelity merchants. It is unclear whether the IMS problems can be traced back to the same cyber incident.
“Third-party security breaches continue to occur increased frequency and impact. Businesses are heavily reliant on third-party service providers, who are now often the easiest vector to access a company’s most critical data,” said Jeff Margolies, Chief Product and Strategy Officer Saviynt, in a statement sent via e-mail -mail. “Enterprises need to improve their capabilities to manage and govern third-party access as part of their identity security programs.”
As Fidelity continues to review its records of affected individuals and work with IMS regarding the breach, it is offering 24 months of credit monitoring through TransUnion Interactive. He said traders should personally review their financial statements and credit reports and report any fraudulent or suspicious activity to the authorities.