Quantcast
The MFWire
 Manage Email Alerts | Sponsorships | About MFWire | Who We Are

Subscribe to MFWire.com's News Alerts [click]

Rating:Nuveen and Principal AM Dodge a Hack That Hit 6MM Not Rated 0.0 Email Routing List Email & Route  Print Print
Tuesday, October 15, 2024

Nuveen and Principal AM Dodge a Hack That Hit 6MM

News summary by MFWire's editors

Though at least five firms in the asset management business were affected by a hack that hit a tech ally to the insurance industry. Yet for at least three of the affected companies, their asset management arms dodged the bullet.

Spokespeople with Principal, Prudential Financial (parent of PGIM), and with TIAA (parent of Nuveen), confirm that their Nuveen, PGIM, and Principal Asset Management businesses were not affected by an Infosys McCamish Systems, LLC data breach that came to light in recent months. Yet other businesses at TIAA, Pru, and Principal were affected, and several other firms in asset management were affected, too. (Our sister publication 401kWire covered the hack's effect on the firms' retirement plan businesses.)

The Hack Comes to Light


Though the hacking incident took place almost a year ago, it started coming to light over the past few months. On June 27, Ron Plesco, partner at DLA Piper LLP, filed a data breach notification, on Infosys' behalf, with the Office of the Maine Attorney General. The notice with the Maine AG revealed that Infosys was hit by an "external system breach" between October 29, 2023 and November 2, 2023. Also on June 27, 2024, the technology provider's team also began directly notifying affected individuals in writing.

Those notices reveal that the fall 2023 breach affected more than six million people (6,078,263, including 11,866 in Maine). Data exposed included: biometrics, dates of birth, email addresses, financial account and payment card information, medical records, passwords, Social Security Numbers, usernames, and numbers for driver's licenses, military IDs, passports, state IDs, and U.S. military IDs. In light of the breach, the InfoSys team is provided affected individals with 24 months of credit monitoring and identity theft services from Kroll.

At Principal, Life Insurance Customers Were Affected


On August 13, 2024, the InfoSys team filed again with the Maine AG, revealing that two of its customers affected by the big fall 2023 hack were Principal Life Insurance Company and Prudential Insurance Company of America.

A Principal spokesperson confirms that the Infosys hack did not affect customers of Principal Asset Management.

"Infosys McCamish Systems (McCamish) was the target of a cybersecurity event late last year that disrupted certain applications and systems used to service our group universal life customers. As a customer of McCamish, we received confirmation that Principal customer data for our group universal life products was subject to unauthorized access and acquisition as part of the cybersecurity event," the Principal spokesperson tells 401kWire in emailed statemet. "Principal does not work with McCamish in our retirement business, or in servicing our non-qualified book of business. We've worked with McCamish to notify impacted individuals directly on behalf of itself and Principal and provided an offer for free credit monitoring and identity restoration services."

"Safeguarding our customers' information has long been a critical priority for Principal," the Principal spokesperson adds. "Please note that no internal systems of Principal were compromised because of this incident, and no data was exfiltrated from systems maintained by Principal."

A Pru spokesperson tells MFWire that "PGIM was not impacted by this issue."

At T. Rowe, Non-Qual Customers Were Affected


On September 9, 2024, the Infosys team filed again with the Maine AG, revealing two more customers affected by the big fall 2023 hack. Those customers were New York Life Group Benefit Solutions and T. Rowe Price Retirement Plan Services, Inc.

New York Life spokespeople did not respond to a request for comment on what effect (if any) the hack had on their asset management arm, New York Life Investments.

In T. Rowe Price's case, the hack affected some non-qual clients, a spokesperson confirms. Yet the spokesperson did not respond to a request for comment on what effect (if any) the hack had on T. Rowe's mutual funds.

"Infosys McCamish informed T. Rowe Price Retirement Plan Services, Inc. (T. Rowe Price) about the subset of less than 10,000 impacted individuals associated with nonqualified plans record kept by T. Rowe Price. T. Rowe Price reviewed the data, communicated with our impacted nonqualified plan clients, and offered them the opportunity to opt in to mailings being made by IMS to impacted individuals," a T. Rowe spokesperson tells 401kWire in an emailed statement. "The mailings to these impacted individuals were made on August 23rd and T. Rowe Price's name has been added by IMS to its regulatory filings in certain states as is customary."

"T. Rowe Price's systems were not compromised by the incident at IMS [Infosys McCamish Systems LLC] and no data was exfiltrated from T. Rowe Price systems," the spokesperson adds. "IMS provides recordkeeping support to T. Rowe Price for nonqualified plans only and there was no impact to the services T. Rowe Price provides to qualified and governmental retirement plans."

At TIAA, Retail Customers Were Affected


On September 27, 2024, Louis Senay, managing director of supervisory affairs at TIAA, filed a data breach notification with the Maine AG, revealing that TIAA and TIAA Life were affected by the big fall 2023 hack of Infosys. Per that notice, 8,977 individual TIAA customers (including 81 Maine residents) were affected.

Yet in TIAA's case, it was retail clients were affected by the hack, a company spokesperson confirms, but not Nuveen fund shareholders. (The notice sent to affected customers came from Ali Iqbal, president of TIAA-CREF Life Insurance Company.)

"Infosys McCamish Systems (IMS) notified TIAA that some TIAA and TIAA Life retail customers (not institutional plan participants or Nuveen clients) were impacted during McCamish's November 2023 cybersecurity incident. There was no involvement whatsoever of TIAA’s systems or recordkeeping platform," a TIAA spokesperson tells 401kWire in an emailed statement. "We have alerted those affected customers and IMS has secured Kroll's services to provide identity monitoring services at no cost to them. Data security remains a top priority at TIAA." 

Edited by: Neil Anderson, Managing Editor


Stay ahead of the news ... Sign up for our email alerts now
CLICK HERE

0.0
 Do You Recommend This Story?


GO TO: MFWire
Return to Top
 News Archives
2025: Q3Q2Q1
2024: Q4Q3Q2Q1
2023: Q4Q3Q2Q1
2022: Q4Q3Q2Q1
2021: Q4Q3Q2Q1
2020: Q4Q3Q2Q1
2019: Q4Q3Q2Q1
2018: Q4Q3Q2Q1
2017: Q4Q3Q2Q1
2016: Q4Q3Q2Q1
2015: Q4Q3Q2Q1
2014: Q4Q3Q2Q1
2013: Q4Q3Q2Q1
2012: Q4Q3Q2Q1
2011: Q4Q3Q2Q1
2010: Q4Q3Q2Q1
2009: Q4Q3Q2Q1
2008: Q4Q3Q2Q1
2007: Q4Q3Q2Q1
2006: Q4Q3Q2Q1
2005: Q4Q3Q2Q1
2004: Q4Q3Q2Q1
2003: Q4Q3Q2Q1
2002: Q4Q3Q2Q1
 Subscribe via RSS:
Raw XML
Add to My Yahoo!
follow us in feedly


    Sorry, no records in the database matched your search parameters. Clich back and try again.



  1. Nicsa webinar - New research by Alex Edmans and the Diversity Project - The Power of diverse thinking: How the best teams make decisions, July 1
  2. MFDF Director Discussion Series - Open Forum, July 9
  3. MFDF webinar - Mid-Year Tax Update for Registered Investment Companies, July 10
  4. MFDF Director Discussion Series - Open Forum (Philadelphia), July 15
  5. 2025 MMI Women in Advisory Solutions Forum, Jul 15-16
  6. Nicsa webinar - How Trusted GenAI is Transforming Data Access in Asset Management, July 16
  7. MFDF webinar - M&A and Consolidation in Asset Management, July 16
  8. MFDF webinar - ETF Conversions, July 17
  9. MFDF Director Discussion Series - Open Forum (New York), July 22
  10. MFDF Ask Anything webinar - AI Edition, July 24
  11. MFDF webinar - Use of Derivatives by RICs, July 29
  12. MFDF Director Discussion Series - Open Forum (Columbus, Ohio), August 20
  13. Samfund Soiree Boston 2025, August 21
  14. MFDF webinar - The Audit Committee Chair's Guide to Balancing Duties and Emerging Issues, September 3
  15. ICI ETF Conference, Sep 8-10
  16. Nicsa webinar - Reimagining Reconciliation: AI, Regulation, and Capital Markets Transformation, September 10
  17. MFDF webinar - Series Trust Funds - Compliance and Board Reporting, September 10
  18. MFDF In Focus - Board Oversight of DEI in Current Landscape, September 11
  19. MFDF webinar - MFDF 15(c) White Paper Webinar Series: Part 4 – Enforcement Action Takeaways, September 16
  20. MFDF webinar - Latest in Closed-End Funds Litigations, September 23
  21. MFDF webinar - Fixed Income Insights: Navigating Market Trends & Opportunities, September 24
  22. MFDF webinar - Risk Management Essentials for RICs and Boards, September 29
  23. MFDF webinar - Diligent - Tools for Fund Board Book, October 1
  24. 10th annual Fuse Forum, October 8
  25. MFDF webinar - Essential Strategies in Board Oversight of Operational Risk Management, October 14
  26. 2025 MMI Annual Conference, Oct 15-17




©All rights reserved to InvestmentWires, Inc. 1997-2025
14 Wall Street | 20th Floor | New York, NY 10005 | P: 212-331-8968 | F: 212-331-8998
Privacy Policy :: Terms of Use