HomeMalware & ThreatsInfosys reaches $17.5M settlement in data breach class action lawsuits.

Infosys reaches $17.5M settlement in data breach class action lawsuits.

Published on

spot_img

In March 2025, Indian IT services company Infosys made headlines as its U.S. subsidiary, Infosys McCamish Systems, agreed to pay a whopping $17.5 million to settle six class action lawsuits stemming from a significant cybersecurity incident that impacted over 6 million individuals. The incident, which occurred in November 2023, involved unauthorized access to Infosys McCamish Systems’ systems, data exfiltration, and encryption of systems with ransomware.

The cyberattack, which took place between October 29 and November 2, 2023, was attributed to the LockBit ransomware group, who claimed responsibility for encrypting more than 2,000 corporate systems, including those of Infosys McCamish Systems. The group demanded a $50,000 ransom payment, but Infosys McCamish Systems’ offer was deemed insufficient by the attackers.

The compromised data included a treasure trove of sensitive information such as Social Security Numbers, dates of birth, medical treatment details, email addresses, passwords, driver’s license numbers, financial account information, payment card details, passport numbers, tribal ID numbers, and U.S. military ID numbers. Following the breach, Infosys McCamish Systems identified corporate customers whose business data had also been exposed and committed to notifying and supporting them in their reporting obligations.

By June 2024, Infosys revealed that approximately 6.08 million individuals were affected by the ransomware attack. Notably, the data breach incident also impacted approximately 57,000 Bank of America customers, as disclosed by Infosys McCamish Systems to the attorney general’s office. Subsequently, several class-action lawsuits were filed against the company, with plaintiffs alleging that Infosys had failed to implement adequate cybersecurity measures, thereby exposing customers to various cyber risks.

One of the lawsuits specifically accused Infosys of neglecting to promptly notify affected customers about the data security incident and failing to provide important details such as the vulnerabilities exploited and remedial measures taken to prevent future breaches. This lack of transparency was perceived as hindering the affected individuals’ ability to mitigate the potential harms resulting from the breach.

In response to the legal action, Infosys McCamish Systems entered into a settlement agreement with the plaintiffs in March 2025, without admitting any liability. The proposed settlement amount of $17.5 million, subject to court approval, was intended to address the claims and bring closure to the legal disputes arising from the cybersecurity incident. The company expressed its commitment to cybersecurity and data protection moving forward, underscoring the importance of safeguarding customer information and ensuring robust security measures.

This high-profile case serves as a stark reminder of the far-reaching implications of cyberattacks on organizations and individuals alike. As the digital landscape continues to evolve, businesses must prioritize cybersecurity and risk management to protect sensitive data and maintain the trust of their stakeholders.

Source link

Latest articles

Impact of CISA’s Red Team Disarray on US Cyber Defenses

The Cybersecurity and Infrastructure Security Agency (CISA) has been making headlines recently for its...

Costa Rica Government’s Youtube Account Targeted in Cyber Attack – U.S. News & World Report

The Costa Rican government's official YouTube account was recently the target of a cyber...

CISA identifies NAKIVO’s backup vulnerability as actively exploited

The recent exploitation of a vulnerability in Nakivo Backup & Replication software has raised...

Attackers Exploit Weaponized CAPTCHAs for PowerShell Execution and Malware Deployment

In the latest wave of sophisticated cyberattacks, threat actors have taken to using deceptive...

More like this

Impact of CISA’s Red Team Disarray on US Cyber Defenses

The Cybersecurity and Infrastructure Security Agency (CISA) has been making headlines recently for its...

Costa Rica Government’s Youtube Account Targeted in Cyber Attack – U.S. News & World Report

The Costa Rican government's official YouTube account was recently the target of a cyber...

CISA identifies NAKIVO’s backup vulnerability as actively exploited

The recent exploitation of a vulnerability in Nakivo Backup & Replication software has raised...