Never miss a story — sign up for PLANADVISER newsletters to keep up on the latest retirement plan adviser news.
Nonqualified Compensation Accounts Back Online After Infosys Breach
Plan and insurance accounts that had been shut down are available again, according to client accounts.
Nonqualified compensation and insurance accounts that had been on hold for more than a month due to a ransomware attack on Infosys McCamish Systems LLC are back online, according to some clients and providers.
A cybersecurity breach affecting the U.S.-based division of Bangalore, India-based Infosys BPM Ltd., shut down some national providers of nonqualified compensation plans and insurance providers starting November 2. At least some of those accounts are fixed and back online now, according to company statements and a service announcement released to account holders on Tuesday.
“We are pleased to share that the technical issue impacting your account that began on November 2, 2023, is now fully resolved,” stated a system update from nonqualified plan provider Ascensus/Newport shared with PLANADVISER. “Your account transactions are now current, and you can submit transactions as normal. We apologize for any inconvenience or concerns this may have caused.”
Ascensus/Newport and T. Rowe Price confirmed that nonqualified accounts were back online December 5.
“We have restored system connectivity, completed processing of all transactions that were pended during the outage, and have resumed normal operations,” according to an Ascensus/Newport spokesperson.
Principal Financial Group, whose group universal life insurance accounts had been halted due to the breach, confirmed that its accounts are back online.
The Vanguard Group, which had nonqualified plans affected, did not respond to request for comment.
It is unclear if the ransomware issue behind the account freezes has been resolved or how. Infosys did not respond to a request for comment.
Infosys had hired a third-party security expert, Palto Alto Networks Inc.’s Unit 42, to investigate the attack. There were no reports of account holder information being exposed.
Account holder information was at the heart of this year’s massive MOVEit data breach, which impacted workplace retirement plans through Pension Benefit Information LLC, a data vendor working with numerous large recordkeepers and state-run pension systems.