Infinex Investments, Inc.

The Maine Office of the Attorney General disclosed a data breach affecting Infinex Investments, Inc. on June 28, 2022. The incident stemmed from an inadvertent disclosure of a 401(k) statement to an unauthorized participant, exposing the financial account information of one individual. The breach was accidental, involving the mishandling of sensitive financial records rather than a targeted cyber intrusion or malicious exploitation. While the scope was limited to a single person’s data, the exposed information linked to retirement savings carries financial privacy risks. No evidence suggested broader compromise, ransomware, or systemic vulnerabilities. The company likely addressed the issue through internal corrective measures, such as reinforcing data-sharing protocols and notifying the affected individual. The incident highlights the importance of strict access controls, even in non-malicious scenarios, to prevent unintended exposure of personal financial details.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/32c49f59-c31d-47b5-8f43-aa39b4b30626.shtml

TPRM report: https://www.rankiteo.com/company/vancerichard-firsthorizonadvisors

"id": "van1021090725",
"linkid": "vancerichard-firsthorizonadvisors",
"type": "Breach",
"date": "2/2022",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': '1',
                        'industry': 'Investment Management',
                        'name': 'Infinex Investments, Inc.',
                        'type': 'Financial Services'}],
 'data_breach': {'file_types_exposed': ['PDF/Statement'],
                 'number_of_records_exposed': '1',
                 'sensitivity_of_data': 'High (Financial)',
                 'type_of_data_compromised': ['Financial Account Information '
                                              '(401(k) statement)']},
 'date_publicly_disclosed': '2022-06-28',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving Infinex Investments, Inc. on June 28, 2022. '
                'The breach occurred due to the inadvertent disclosure of a '
                '401(k) statement to another participant, potentially '
                "impacting one individual's financial account information.",
 'impact': {'data_compromised': ['401(k) statement'],
            'identity_theft_risk': 'Potential (Financial Account Information)'},
 'post_incident_analysis': {'root_causes': 'Human Error (Inadvertent '
                                           'Disclosure of Sensitive Document)'},
 'references': [{'date_accessed': '2022-06-28',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'title': 'Infinex Investments, Inc. Data Breach (2022)',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human Error (Inadvertent Disclosure)'}

Infinex Investments, Inc.

Salesforce and Infinite Campus: Infinite Campus warns of breach after ShinyHunters claims data theft

Liberty: Insurer Liberty hit by data breach

Pingora Loan Servicing LLC, Bayview Asset Management LLC and Lakeview Loan Servicing LLC: Lakeview Loan Servicing $26M Data Breach Settlement