NEW YORK/BENGALURU: Infosys McCamish Systems LLC, a U.S.-based subsidiary of Indian IT major Infosys Ltd, has agreed to pay a civil penalty of ₹1.04 crore ($125,000) in a cybersecurity probe initiated by the New York Department of Financial Services (NYDFS). The action stems from a 2020 ransomware attack that exposed critical client data.
The NYDFS, in a statement issued over the weekend, said that the Atlanta-based Infosys unit failed to promptly report the incident and had not maintained adequate cybersecurity protocols as required by New York’s Cybersecurity Regulation.
Ransomware Breach and Regulatory Response
According to regulators, the attack in question affected over 5 million consumer records, impacting clients, including a major life insurance company. While no consumer complaints or confirmed data misuse were recorded, the regulators emphasised that the company had “failed to implement multi-factor authentication and timely patch management.”
The ₹1.04 crore ($125,000) penalty was imposed after Infosys McCamish Systems LLC entered into a consent order, acknowledging deficiencies in its cybersecurity governance. The company also agreed to improve its internal controls and conduct periodic audits to avoid future breaches.
The enforcement marks NYDFS’s continued emphasis on rigorous cybersecurity enforcement, especially in light of rising digital threats affecting financial institutions and service providers.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Infosys Responds to Penalty
In response, Infosys said it had fully cooperated with the investigation and has since enhanced its cybersecurity infrastructure. “The company has taken proactive steps, including upgraded authentication systems and real-time threat monitoring, to meet regulatory standards,” a company spokesperson stated.
Cybersecurity experts suggest that this case is a wake-up call for tech service providers handling sensitive financial data. With stricter enforcement coming into play, compliance with data protection regulations is expected to become a major operational priority across the IT services sector.