Infosys Ransomware Attack Affecting Nonqual Plans Nearing Fix
Nonqualified compensation benefit accounts held hostage by a ransomware attack may be nearing reactivation, according to a notice to providers obtained by PLANADVISER.
The cybersecurity event at Infosys McCamish Systems LLC that halted multiple national retirement and insurance provider platforms, starting on November 2, was the result of a ransomware attack, according to sources familiar with the issue and the note to providers. Infosys BPM Ltd., the Bangalore, India-based parent company of Infosys McCamish, has only called it a “cybersecurity event” and did not immediately respond to request for further comment on the fix.
“As we previously informed you, McCamish Systems, an Infosys subsidiary and a provider critical to our ability to process and update participant transactions, experienced a ransomware event on November 2,” stated a letter from nonqualified plan provider Newport, owned by Ascensus, to benefits clients on Tuesday. “IMS notified us that it has successfully restored and rebuilt its environment.”
Infosys on November 3 disclosed the cybersecurity event to the Securities and Exchange Commission as part of a Form 6-K filing.
On Thursday, T. Rowe Price, the Vanguard Group and Ascensus noted that a breach at the platform provider had halted account use for nonqualified compensation plans and, in the case of Principal Financial Group, group universal life insurance accounts. None provided further comment on the fix.
Infosys had hired a third-party security expert, Palto Alto Networks Inc.’s Unit 42, to investigate the attack. Unit 42 confirmed that the systems have “been hardened” and that the security firm has not observed any “indication of ongoing unauthorized access or activity,” according to the letter.
Participants with nonqualified plans do not yet have access to their accounts, with an update to come the week of November 27. As of now, no participant data has been exposed, according to this and prior correspondence from the providers.
“As previously communicated, we are taking a number of actions to protect your data and ensure that participant accounts will reflect up-to-date, accurate values, including…
