Notice of Cybersecurity Incident

Infosys McCamish Systems, LLC (“IMS”) is providing notice of an incident that involved personal information. Although we are unaware of any instances since the incident occurred in which the personal information has been fraudulently used, we are providing notice about this incident, background information and steps those affected can take to protect their personal information.

WHAT HAPPENED? On November 2, 2023, IMS became aware that certain IMS systems were encrypted by ransomware (the “Incident”). That same day, IMS began an investigation with the assistance of third-party cybersecurity experts, retained through outside counsel, to determine the nature and scope of the activity, assist with containment, and ensure no ongoing unauthorized activity. IMS also promptly notified law enforcement. Please note that the Incident has since been contained and remediated.

The in-depth cyber forensic investigation determined that unauthorized activity occurred between October 29, 2023, and November 2, 2023. Through the investigation, it was also determined that data was subject to unauthorized access and acquisition. With the assistance of third-party eDiscovery experts, retained through outside counsel, IMS proceeded to conduct a thorough and time-intensive review of the data at issue to identify the personal information subject to unauthorized access and acquisition and determine to whom the personal information relates. After a comprehensive review, it was determined that some of your personal information may have been affected.

WHAT INFORMATION WAS INVOLVED? The investigation determined that data included the following types of personal information: Social Security Number, date of birth, medical treatment/record information, biometric data, email address and password, Driver’s License number or state ID number, financial account information, payment card information, passport number, tribal ID number, and U.S. military ID number.

WHAT WE ARE DOING. Please know that protecting your personal information is something that we take very seriously. IMS, with the assistance of third-party cybersecurity experts, retained through outside counsel, conducted a diligent investigation to confirm the nature and scope of the Incident. We also took steps to reduce the likelihood of a similar event occurring in the future, and we continue to make additional improvements that strengthen our cybersecurity posture.

IMS processes data on behalf of a number of organizations as part of providing corporate and business market operations for its customers. IMS has notified those customers whose data was subject to unauthorized access and acquisition. Where IMS is considered the data owner, IMS is in the process of informing individuals whose personal information was subject to unauthorized access and acquisition.

WHAT YOU CAN DO. We encourage you to remain vigilant against identity theft and fraud by reviewing your financial account statements and credit reports for any anomalies and encourage you to notify your financial institution of any unauthorized transactions or suspected identity theft. We also encourage you to review the enclosed Additional Steps to Protect Your Personal Information and State Law Information for additional guidance. You should be on guard for schemes where malicious actors may pretend to represent IMS or reference this Incident.

FOR MORE INFORMATION. Should you have any questions regarding this Incident, please contact our dedicated call center by dialing (866) 992-9742 toll-free Monday – Friday between 8am – 5:30pm CT (excluding major U.S. holidays).

We regret any concern or inconvenience this Incident may cause you.