Ascensus, Newport Nonqualified Platforms Hit by Infosys Cybersecurity Issue

Ascensus and its subsidiary, Newport Group Inc., have had their nonqualified retirement plan services affected by a cyberattack on business processes firm Infosys McCamish Systems LLC.

The platform that Ascensus and Newport use has not been able to update nonqualified user accounts since November 2. The firms are seeking a solution by November 17, according to a company spokesperson and a customer service letter sent to an account holder. 

“The platform we use to support aspects of our nonqualified retirement plan administration services has been affected by the Infosys McCamish outage since November 2,” a spokesperson said via email. “We have been communicating regularly with our clients and participants since that time, and our systems are not impacted. Account values will be accurately reflected once full functionality has been completely restored. We have apologized for any inconvenience or concern this has caused.”

Infosys BPM Ltd., based in Bangalore, India, released a statement November 3 that its U.S. subsidiary, Infosys McCamish, had been made aware of a “cybersecurity event resulting in non-availability of certain applications and systems in IMS.” The firm noted it is working with a “leading cybersecurity products provider” to resolve the issue.

Infosys McCamish provides platform-based services to more than 40 insurance companies “across a broad array of insurance products, distribution models and platform deployment options,” according to its website. It lists retirement industry services that include nonqualified support, qualified defined contribution administration and qualified defined benefit administration. On Thursday, a spokesperson said Infosys BPM had no further information beyond the November 3 statement.

Ascensus, which acquired Newport in 2021, is listed as the second-largest NQDC provider by participants with 135,217 account holders, according to PLANSPONSOR’s 2023 NQDC market survey. 

Ascensus started investigating the issue on November 2, according to the spokesperson.

A Newport letter to at least one account holder shared with PLANADVISER stated that had no evidence that plan data had been “exfiltrated or disclosed to the public.” The account holder requested their name not be used. 

“We do not expect the technical issues to be resolved before November 17 and will continue to update your Dashboard’s Messages with further updates,” Newport wrote in the customer service letter.

Newport is logging all retirement plan transactions submitted after market close on November 1 to be processed once the system is restored, according to the letter. Plan participants were told they can submit transactions as normal.

“Once the technical issues have been resolved, we will carefully review, update, and verify all transactions that have taken place during this period,” the letter said. “Once complete, you can rest assured that account values will be accurately reflected, and we look forward to resuming normal servicing of your plan.”