Investigating Fidelity Investments Life Insurance Data Breach: A Closer Look
Srishti Chaubey
March 12, 2024
In recent weeks, Fidelity Investments Life Insurance has come under scrutiny following a significant data breach affecting thousands of customers. Here's what you need to know about the incident:
1. Data Breach Details:
The breach, which occurred between October 29 and November 2, 2023, stemmed from an unauthorised party accessing sensitive consumer data held by Fidelity Investments Life Insurance.
Approximately 28,000 customers were impacted by the breach, with their personal information compromised.
The breached data includes names, social security numbers, dates of birth, states of residence, and financial information, particularly bank account and routing numbers used for premium payments on life insurance policies.
This data can contribute to an increase in phishing attacks, and uplift the risk of identity theft or financial fraud for the customers.
2. Third-Party Involvement:
The breach was traced back to Infosys McCamish Systems, a third-party service provider utilised by Fidelity Investments Life Insurance.
Infosys McCamish notified Fidelity Investments of the breach in early November, prompting an investigation into the incident.
3. Ongoing Investigation:
Infosys McCamish has engaged external experts to conduct a thorough investigation into the breach.
While the investigation is ongoing, Fidelity Investments Life Insurance officials believe that a range of sensitive customer data was compromised during the breach.
4. Customer Notifications:
Fidelity Investments Life Insurance has begun notifying affected customers about the breach and the potential exposure of their personal information.
The company emphasises its commitment to protecting customer data and pledges to take appropriate actions in collaboration with Infosys McCamish.
5. Prior Incidents:
This isn't the first time Infosys McCamish has caused security breaches.
In a separate incident, Infosys McCamish notified Bank of America about a breach affecting over 57,000 customers enrolled in deferred compensation plans.
6. Response and Assurance:
Fidelity Investments Life Insurance reassures customers that they have not impacted their systems by the breach and that they have detected no related activity within Fidelity's environment.
7. Legal Investigation:
The law firm of Federman & Sherwood has initiated an investigation into the data breach at Fidelity Investments Life Insurance, aiming to assess the impact on affected individuals.
8. Call for Action: Implementing Zero Trust Measures
To mitigate the risk of data breaches like this in the future, companies can adopt a zero trust approach.
By implementing strict access controls, continuous monitoring, and least privilege access policies, organizations can significantly reduce the likelihood of unauthorised access to sensitive data, hence lowering the risk of data and reputation loss because of a third party vendor breach.
As the investigation unfolds and affected customers are notified, Fidelity Investments Life Insurance remains focused on addressing the breach, safeguarding customer data, and ensuring transparency throughout the process.
Stay tuned for further updates as the situation develops.