Skip to main content
A white-haired woman looks at her computer with concern as she realizes her important online data was breached.

Newport Group Warns of MassMutual Data Breach

Written by Joseph Lyon on . Posted in Data Breach.

The Lyon Firm is investigating yet another data breach impacting MassMutual plan members after Newport Group, a third-party vendor, alerted the California Attorney General and began sending out data breach notification letters to impacted individuals. Contact our legal team to learn more about the ransomware attack and to discuss the best course of action moving forward. 

What Happened at Newport Group?

On March 22, 2024, Newport Group filed a notice of data breach with the Attorney General of California after confirming a third-party vendor data breach resulted in the leak of Massachusetts Mutual Life Insurance Company customer information.

The Newport Group was hired by Massachusetts Mutual Life Insurance Company (MassMutual) as a third-party recordkeeper for non-qualified deferred compensation plans sponsored by MassMutual. The records collected and stored by Newport allegedly included data collected for eligible participants in MassMutual non-qualified retirement plans, as well as individuals named as beneficiaries of a plan participant.

These records were compromised when a ransomware attack targeted Infosys McCamish Systems (IMS), a separate third party used by Newport to process transactions. The Infosys attack is apparently the source of the MassMutual personal data breach. Infosys has said there was indeed Newport data on their system at the time of the attack, but an investigation is still ongoing and the extent of the data breach incident is still unknown.

If you have received a letter from Newport Group regarding the IMS and MassMutual data breach, contact our data breach lawyers to review. We offer free and confidential consultations for plaintiffs nationwide.

data on computer

Was MassMutual Personal Data Stolen?

An investigation is ongoing, though in sample notices sent to victims of the breach Newport explains that the incident resulted in an unauthorized party being able to access “consumers’ sensitive information,” which may include names, Social Security numbers, addresses, and dates of birth.

If you receive a data breach notification from Newport Group regarding the IMS ransomware attack that compromised information you provided to MassMutual, it is important to know what is at risk and to begin to protect yourself from possible fraud and identity theft.

A data breach attorney can assist you in filing a class action complaint, and to seek compensation for damages related to the incident. Our legal team has the resources, the experience and the dedication to represent plaintiffs in all fifty states.

Understanding the Timeline of Events

On November 2, 2023, Infosys McCamish (IMS) first learned that it was the target of a ransomware attack. The company informed Newport Group of the incident, and an investigation began with the help of cybersecurity experts.

The data security specialists later concluded that an unauthorized party was able to access Newport Group information stored on the hacked Infosys McCamish network. The breached data varies depending on the individual, but may include the following information related to plan members and beneficiaries:

  • Names
  • Social Security numbers
  • Addresses
  • Dates of birth

On March 22, 2024, Newport Group started sending data breach letters to MassMutual customers who are thought to be impacted by the incident. These letters should provide victims with more specifics regarding the nature of the event and exactly what personal information has been compromised.

More About Newport Group & Infosys McCamish

Newport Group, Inc., which recently merged with Ascensus, is a financial services company operating out of Walnut Creek, California. The company provides services to MassMutual and other companies that include record keeping, plan administration, trust and custody, consulting, fiduciary consulting, and insurance products and services.

Infosys McCamish Systems (IMS) is a life insurance and retirement services company based out of Atlanta. The company platform-based insurance process management solutions and services to dozens of insurance companies.

Is There a MassMutual Data Breach Lawsuit?

Our data breach lawyers are reviewing the Newport Group ransomware attack and the resulting breach of MassMutual plan member data. If you are impacted by this incident, you may consider legal action and you are urged to take prompt action to begin to protect yourself. Following any data breach event, victims are encouraged to remain vigilant, and look out for signs of fraud.

It is prudent to carefully monitor your credit history and accounts. You may want to change login information on your accounts and alert credit agencies if your SSN has been leaked. Cybercriminals are able to engage in a number of malicious, fraudulent schemes when they obtain even a small amount of stolen personal data.

Note that this is the second large data security incident reported in 2023 by MassMutual. This is an unrelated breach of plan member data, and although it may impacted the same individuals and similar data sets, it may require filing a separate claim. The first data theft incident also included a ransomware attack on a third party vendor, the PBI Research – MOVEit attack, a well-documented event that impacted millions around the world.

Our data privacy lawyers are currently involved in several high-profile data breach cases involving millions of American consumers. We take on data theft cases in all fifty states, and we have settled similar cases for six and seven figures.

Our lawyers believe very strongly that any entity that collects and stores your personal data has a duty to protect it. The accountability lies with the company you share your information with, and any vendor that may have access to it. If you are a victim of a data breach, call us to learn more about filing a class action claim.