Insurance giant Fidelity hit by data breach — thousands of customers may have had data stolen


Sensitive information belonging to tens of thousands of Fidelity Investments Life Insurance customers was stolen, reportedly thanks to a supply chain attack that happened in 2023.

The insurance giant has filed a data breach notification with the Maine attorney general’s office in which it stated that 28,268 of its customers had their private data leaked after a data breach at Infosys McCamish Systems LLC, a US subsidiary of Indian tech services giant Infosys.

The breach, which happened in November 2023, resulted in the theft of people’s names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth.

LockBit's involvement

This database is a real treasure trove for every hacker out there, as it provides enough information to mount incredibly believable phishing attacks, identity theft, impersonation, wire fraud, and a whole slew of similar scams.

Soon after news of the breach broke, ransomware operator LockBit took responsibility. LockBit is one of the world’s biggest and most dangerous ransomware-as-a-service operators, whose affiliates are behind some of the most devastating ransomware attacks in recent times.

LockBit was also the target of Operation Cronos, a major law enforcement operation spearheaded by the UK’s NCA, which happened earlier this year. During the operation, dozens of LockBit’s servers were seized, stolen data retrieved, their websites defaced, and information on almost 200 affiliates obtained.

However, as no arrests were made, LockBit made a swift return, setting up new infrastructure and websites in less than a week. The website featured five new victims straight away.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.