For more stories like this, sign up for the PLANSPONSOR NEWSDash daily newsletter.
Infosys Breach Resolved for Some Nonqual, Insurance Providers
After a ransomware breach knocked out systems on November 2, accounts are back after a month of shutdown, according to clients and providers.
Nonqualified deferred compensation and insurance accounts that had been on hold for more than a month due to a ransomware attack on Infosys McCamish Systems LLC are back online, according to some clients and providers.
A cybersecurity breach affecting the U.S.-based division of Bangalore, India-based Infosys BPM Ltd., shut down some national providers of nonqualified deferred compensation plans and insurance providers starting November 2. At least some of those accounts are fixed and back online now, according to a service announcement released to account holders on Tuesday.
“We are pleased to share that the technical issue impacting your account that began on November 2, 2023, is now fully resolved,” stated a system update from nonqualified plan provider Ascensus/Newport shared with PLANSPONSOR. “Your account transactions are now current, and you can submit transactions as normal. We apologize for any inconvenience or concerns this may have caused.”
Ascensus/Newport and T. Rowe Price confirmed that nonqualified accounts were back online December 5.
“We have restored system connectivity, completed processing of all transactions that were pended during the outage, and have resumed normal operations,” according to an Ascensus/Newport spokesperson.
Principal Financial Group, where group universal life insurance accounts had been halted due to the breach, confirmed that its accounts are back online.
The Vanguard Group, which had nonqualified plans affected, did not respond to request for comment.
It is unclear if the ransomware issue behind the account freezes has been resolved or how. Infosys did not respond to a request for comment.
Infosys had hired a third-party security expert, Palo Alto Networks Inc.’s Unit 42, to investigate the attack. There were no reports of account holder information being exposed.
Account holder information was at the heart of this year’s massive MOVEit data breach, which impacted workplace retirement plans through Pension Benefit Information LLC, a data vendor working with numerous large recordkeepers and state-run pension systems.
You Might Also Like:
Fidelity Identifies Unauthorized Activity Affecting University of California Retirement Accounts
What is a SOC Report and Why Should Plan Sponsors Know About Them?
Public Sector Increasingly Relies on CISOs Amid Continued Digital Threats
« State Auto-IRA Programs Push Small Employers to Adopt 401(k) Plans