Close Close
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Hand holding cutout of caution symbol

Life Health > Running Your Business

Life and Annuity Tech Firm IMS Reports Breach Affected 6.1M People

Your article was successfully shared with the contacts you provided.

Infosystem McCamish Systems and customers reported in the spring that a fall ransomware attack on IMS systems had affected about 108,000 financial services company customers.

IMS hired an outside company to help it investigate the attack, and it now believes the attack may have affected the records of about 6.1 million people.

In some cases, the exposed records included people’s names, Social Security numbers, driver’s license numbers, biometric data, payment card information and medical treatment information, according to a notice IMS filed with the Maine attorney general’s office.

IMS is offering the people affected 24 months of credit monitoring and identity theft protection services from Kroll.

What it means: Some customers will need help with replacing passwords and personal identification documents and making sense of the credit monitoring reports.

Even for clients not directly affected by the data breach, helping them prove who they are to the satisfaction of banks, mutual fund companies and life insurers could get tougher before it gets easier.

The breach: LockBit, an international ransomware gang, is believed to have hacked IMS systems Oct. 29, 2023. IMS found the breach and began to block it four days later.

In addition to holding stolen data for ransom, LockBit attackers press victims with extortion, by publishing the names and data of victims who fail to pay ransom or hush money, according to the federal Cybersecurity & Infrastructure Security Agency.

In the spring, the IMS customers with clients known to be affected included Bank of America, Northwestern Mutual and Fidelity’s Investments Life business.

IMS mentions Oceanview Life and Annuity Co. in the new notice.

Northwestern Mutual has filed a separate notice along with the template for a form letter from IMS. That notice shows that the estimated number of people affiliated with Northwestern Mutual who may have been exposed to the LockBit attack has fallen to 53,668, from 62,656 March 1.

Credit: Chris Nicholls/ALM; Adobe Stock


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.