Infosys McCamish Data Breach: A Quick Look at the LockBit Incident. What we know.

In a recent revelation, IT consulting giant Infosys McCamish Systems, Inc. (“IMS”) confirmed a massive data breach affecting over 6 million individuals. The LockBit breach, which occurred on October 29, 2023, compromised sensitive customer data held by several high-profile clients, including Bank of America, Fidelity, and Union Labor Life Insurance. The attack specifically targeted Infosys McCamish, a subsidiary of Infosys specializing in life insurance services.

The Intrusion by LockBit

The breach was orchestrated by the notorious ransomware group LockBit, which claimed responsibility for the attack on November 4, 2023. According to their announcement, they successfully infiltrated Infosys McCamish’s systems and exfiltrated a staggering 50 GB of data. The compromised information spanned a wide range of personal details, including:

• Social Security numbers
• Dates of birth
• Medical records
• Biometric data
• Email addresses
• Passwords
• Driver’s license information
• Financial account details
• Payment card data
• Passport numbers
• Tribal ID numbers
• Military ID numbers

The Fallout

In the aftermath of the breach, Infosys McCamish faced significant financial losses, estimating a staggering $38 million in damages. The impact extended beyond financial figures; approximately 6.5 million people were affected, with additional compromised data such as phone numbers, usernames, policy numbers, and salary information.

LockBit’s Demands

LockBit, unyielding in their pursuit, demanded a hefty ransom from Infosys. Initially offered $50,000 to prevent the sale or public release of the stolen data, LockBit remained unsatisfied. Their counteroffer set the starting bid at an astonishing $500,000. The standoff between the ransomware gang and Infosys escalated, leaving the company grappling with the consequences of the breach.

Identity Theft Monitoring

In response to the breach, Infosys has taken steps to mitigate the impact on affected individuals. They recommend victims take advantage of the free identity theft monitoring service provided via Kroll. Monitoring credit reports, bank statements, and medical bills for suspicious activity is crucial in safeguarding against potential identity theft.

LockBit: A Notorious Player

LockBit has gained notoriety as one of the most prolific ransomware gangs. Since 2018, they’ve claimed responsibility for 411 confirmed attacks, affecting over 18.5 million records. Their average ransom demand stands at a staggering $13.3 million. In 2023 alone, they executed 209 attacks, with an additional 359 unconfirmed incidents attributed to them. Their recent claim of hacking Evolve Bank & Trust raised eyebrows, initially suggesting they had breached the Federal Reserve.

Conclusion

The Infosys McCamish data breach serves as a stark reminder of the ever-present threat posed by cybercriminals. As organizations grapple with securing sensitive data, vigilance and robust security measures remain paramount. LockBit’s audacious attacks underscore the need for continuous vigilance and proactive defense strategies in the digital realm.

Remember, in this interconnected world, safeguarding our digital lives is a collective responsibility—one that extends beyond corporate boardrooms to each individual who entrusts their data to organizations like Infosys McCamish.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.