Sensitive information belonging to tens of thousands of Fidelity Investments Life Insurance customers was stolen, reportedly thanks to a supply chain attack that happened in 2023.
The insurance giant has filed a data breach notification with the Maine attorney general’s office in which it stated that 28,268 of its customers had their private data leaked after a data breach at Infosys McCamish Systems LLC – a US subsidiary of Indian tech services giant Infosys.
The breach, which happened in November 2023, resulted in the theft of people’s names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth.
LockBit’s involvement
This database is a real treasure trove for every hacker out there, as it provides enough information to mount incredibly believable phishing attacks, identity theft, impersonation, wire fraud, and a whole slew of similar scams.
Soon after news of the breach broke, ransomware operators LockBit took responsibility. LockBit is one of the world’s biggest and most dangerous ransomware-as-a-service operators, whose affiliates are behind some of the most devastating ransomware attacks in newer times.
LockBit was also the target of Operation Cronos, a major law enforcement operation spearheaded by the UK’s NCA, which happened earlier this year. During the operation, dozens of LockBit’s servers were seized, stolen data retrieved, their websites defaced, and information on almost 200 affiliates obtained.
However, as no arrests were made, LockBit made a swift return, propping up new infrastructure and websites in less than a week. The website featured five new victims straight away.
In mid-January 2024, Fidelity National Financial suffered an attack that saw BlackCat hackers steal data on over a million customers.
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews