LockBit ransomware breach hits IMS, affects six million people

July 1, 2024
IMS LockBit Ransomware Hacking Data Breach US Infosys McCamish Systems

Infosys McCamish Systems (IMS) recently disclosed that over six million people’s sensitive data had been hacked by a ransomware campaign that was coordinated by LockBit.

IMS is a multinational company that specialises in business consulting, IT, and outsourcing services. Its primary clients are in the financial services and insurance industries. Serving significant organisations, including Bank of America and seven of the top ten insurers in the nation, the company continues to have a significant presence in the United States.

The company first reported on the ransomware attack in February 2024, although it happened in November 2023. Approximately 57,000 Bank of America customers were affected, the business revealed at the time. The attack’s perpetrators, LockBit, asserted that they had encrypted 2,000 PCs on the IMS network.


IMS has now verified to U.S. authorities that there are more than six million affected people overall.


This information was discovered following a comprehensive investigation carried out with the aid of outside eDiscovery specialists, who assisted in locating the private data that had been accessed without permission.

The vast amount of compromised data differs from person to person. Social Security Numbers (SSNs), dates of birth, medical records, biometric information, email addresses, usernames and passwords, financial account numbers, payment card details, driver’s license numbers, passport numbers, tribal IDs, and U.S. military IDs are among the details it contains.

In an effort to lessen the dangers resulting from this data breach, the affected company is providing impacted parties with a free two-year credit monitoring and identity protection service via Kroll. This action is intended to assist people in protecting their data and keeping an eye out for any possible misuse.

IMS stated that Oceanview Life and Annuity Company (OLAC), an Arizona-based supplier of fixed and fixed-indexed annuities, is one of the affected clients, though it has not revealed the identities of all the others. The company pointed out that if more clients ask to be included in the filings, the list of affected organisations may increase.

The IMS LockBit ransomware attack reminds users of the growing risks to cybersecurity and the serious consequences that can result from such breaches for both individuals and businesses. Protecting the impacted parties and averting such accidents continue to be the major priorities as investigations deepen and new information comes to light.

About the author

Leave a Reply