Quantcast
The MFWire
 Manage Email Alerts | Sponsorships | About MFWire | Who We Are

Subscribe to MFWire.com's News Alerts [click]

Rating:Nuveen and Principal AM Dodge a Hack That Hit 6MM Not Rated 0.0 Email Routing List Email & Route  Print Print
Tuesday, October 15, 2024

Nuveen and Principal AM Dodge a Hack That Hit 6MM

News summary by MFWire's editors

Though at least five firms in the asset management business were affected by a hack that hit a tech ally to the insurance industry. Yet for at least three of the affected companies, their asset management arms dodged the bullet.

Spokespeople with Principal, Prudential Financial (parent of PGIM), and with TIAA (parent of Nuveen), confirm that their Nuveen, PGIM, and Principal Asset Management businesses were not affected by an Infosys McCamish Systems, LLC data breach that came to light in recent months. Yet other businesses at TIAA, Pru, and Principal were affected, and several other firms in asset management were affected, too. (Our sister publication 401kWire covered the hack's effect on the firms' retirement plan businesses.)

The Hack Comes to Light


Though the hacking incident took place almost a year ago, it started coming to light over the past few months. On June 27, Ron Plesco, partner at DLA Piper LLP, filed a data breach notification, on Infosys' behalf, with the Office of the Maine Attorney General. The notice with the Maine AG revealed that Infosys was hit by an "external system breach" between October 29, 2023 and November 2, 2023. Also on June 27, 2024, the technology provider's team also began directly notifying affected individuals in writing.

Those notices reveal that the fall 2023 breach affected more than six million people (6,078,263, including 11,866 in Maine). Data exposed included: biometrics, dates of birth, email addresses, financial account and payment card information, medical records, passwords, Social Security Numbers, usernames, and numbers for driver's licenses, military IDs, passports, state IDs, and U.S. military IDs. In light of the breach, the InfoSys team is provided affected individals with 24 months of credit monitoring and identity theft services from Kroll.

At Principal, Life Insurance Customers Were Affected


On August 13, 2024, the InfoSys team filed again with the Maine AG, revealing that two of its customers affected by the big fall 2023 hack were Principal Life Insurance Company and Prudential Insurance Company of America.

A Principal spokesperson confirms that the Infosys hack did not affect customers of Principal Asset Management.

"Infosys McCamish Systems (McCamish) was the target of a cybersecurity event late last year that disrupted certain applications and systems used to service our group universal life customers. As a customer of McCamish, we received confirmation that Principal customer data for our group universal life products was subject to unauthorized access and acquisition as part of the cybersecurity event," the Principal spokesperson tells 401kWire in emailed statemet. "Principal does not work with McCamish in our retirement business, or in servicing our non-qualified book of business. We've worked with McCamish to notify impacted individuals directly on behalf of itself and Principal and provided an offer for free credit monitoring and identity restoration services."

"Safeguarding our customers' information has long been a critical priority for Principal," the Principal spokesperson adds. "Please note that no internal systems of Principal were compromised because of this incident, and no data was exfiltrated from systems maintained by Principal."

A Pru spokesperson tells MFWire that "PGIM was not impacted by this issue."

At T. Rowe, Non-Qual Customers Were Affected


On September 9, 2024, the Infosys team filed again with the Maine AG, revealing two more customers affected by the big fall 2023 hack. Those customers were New York Life Group Benefit Solutions and T. Rowe Price Retirement Plan Services, Inc.

New York Life spokespeople did not respond to a request for comment on what effect (if any) the hack had on their asset management arm, New York Life Investments.

In T. Rowe Price's case, the hack affected some non-qual clients, a spokesperson confirms. Yet the spokesperson did not respond to a request for comment on what effect (if any) the hack had on T. Rowe's mutual funds.

"Infosys McCamish informed T. Rowe Price Retirement Plan Services, Inc. (T. Rowe Price) about the subset of less than 10,000 impacted individuals associated with nonqualified plans record kept by T. Rowe Price. T. Rowe Price reviewed the data, communicated with our impacted nonqualified plan clients, and offered them the opportunity to opt in to mailings being made by IMS to impacted individuals," a T. Rowe spokesperson tells 401kWire in an emailed statement. "The mailings to these impacted individuals were made on August 23rd and T. Rowe Price's name has been added by IMS to its regulatory filings in certain states as is customary."

"T. Rowe Price's systems were not compromised by the incident at IMS [Infosys McCamish Systems LLC] and no data was exfiltrated from T. Rowe Price systems," the spokesperson adds. "IMS provides recordkeeping support to T. Rowe Price for nonqualified plans only and there was no impact to the services T. Rowe Price provides to qualified and governmental retirement plans."

At TIAA, Retail Customers Were Affected


On September 27, 2024, Louis Senay, managing director of supervisory affairs at TIAA, filed a data breach notification with the Maine AG, revealing that TIAA and TIAA Life were affected by the big fall 2023 hack of Infosys. Per that notice, 8,977 individual TIAA customers (including 81 Maine residents) were affected.

Yet in TIAA's case, it was retail clients were affected by the hack, a company spokesperson confirms, but not Nuveen fund shareholders. (The notice sent to affected customers came from Ali Iqbal, president of TIAA-CREF Life Insurance Company.)

"Infosys McCamish Systems (IMS) notified TIAA that some TIAA and TIAA Life retail customers (not institutional plan participants or Nuveen clients) were impacted during McCamish's November 2023 cybersecurity incident. There was no involvement whatsoever of TIAA’s systems or recordkeeping platform," a TIAA spokesperson tells 401kWire in an emailed statement. "We have alerted those affected customers and IMS has secured Kroll's services to provide identity monitoring services at no cost to them. Data security remains a top priority at TIAA." 

Edited by: Neil Anderson, Managing Editor


Stay ahead of the news ... Sign up for our email alerts now
CLICK HERE

0.0
 Do You Recommend This Story?


GO TO: MFWire
Return to Top
 News Archives
2024: Q4Q3Q2Q1
2023: Q4Q3Q2Q1
2022: Q4Q3Q2Q1
2021: Q4Q3Q2Q1
2020: Q4Q3Q2Q1
2019: Q4Q3Q2Q1
2018: Q4Q3Q2Q1
2017: Q4Q3Q2Q1
2016: Q4Q3Q2Q1
2015: Q4Q3Q2Q1
2014: Q4Q3Q2Q1
2013: Q4Q3Q2Q1
2012: Q4Q3Q2Q1
2011: Q4Q3Q2Q1
2010: Q4Q3Q2Q1
2009: Q4Q3Q2Q1
2008: Q4Q3Q2Q1
2007: Q4Q3Q2Q1
2006: Q4Q3Q2Q1
2005: Q4Q3Q2Q1
2004: Q4Q3Q2Q1
2003: Q4Q3Q2Q1
2002: Q4Q3Q2Q1
 Subscribe via RSS:
Raw XML
Add to My Yahoo!
follow us in feedly




©All rights reserved to InvestmentWires, Inc. 1997-2024
14 Wall Street | 20th Floor | New York, NY 10005 | P: 212-331-8968 | F: 212-331-8998
Privacy Policy :: Terms of Use