Cyber Crime
Cybersecurity Lapse: Infosys’ US Unit Fined ₹150 Crore
Infosys McCamish Systems (IMS) has agreed to pay $17.5 million to settle lawsuits related to a 2023 cybersecurity breach linked to the LockBit ransomware gang. The breach compromised thousands of customers’ data, leading to financial losses of ₹250 crore ($30 million). The settlement, pending final court approval, aims to resolve legal disputes without admitting liability.
Bengaluru: Infosys McCamish Systems (IMS), a subsidiary of Infosys BPM, has agreed to pay $17.5 million to settle multiple class-action lawsuits related to a cybersecurity breach that occurred in 2023. The company made the announcement in a recent stock exchange filing, stating that it had reached a settlement agreement with affected customers.
The cyberattack, linked to the notorious LockBit ransomware gang, disrupted IMS services, impacting applications and systems used by the firm and its clients. One of Infosys’ key customers, Bank of America (BofA), identified IMS as the source of a data breach that compromised sensitive information of 57,028 customers.
Cybersecurity Breach and Settlement Terms
According to Infosys, the cybersecurity breach happened between October 29, 2023, and November 2, 2023. The company conducted an in-depth cyber forensic investigation, which confirmed unauthorized activity during this period. The breach resulted in financial losses amounting to Rs 250 crore ($30 million) due to remediation efforts, system restoration, and communication expenses.
Following extensive mediation, Infosys and the plaintiffs reached a preliminary agreement on March 13, 2025. The proposed settlement terms require IMS to pay $17.5 million into a fund to compensate affected customers and resolve outstanding lawsuits.
The settlement is pending final court approval and due diligence by the plaintiffs. Infosys clarified that the agreement does not constitute an admission of liability but is intended to bring closure to the legal disputes.
Now Open: Pan-India Registration for Scam Reporters & Fraud Investigators!
Background on Infosys McCamish Systems
McCamish Systems, acquired by Infosys BPM in 2009, specializes in platform-based BPO services for the financial sector, including life insurance and annuities. The company also functions as a software reseller for industry-specific clients.
The 2023 cybersecurity incident led to significant disruptions, with LockBit ransomware operators claiming responsibility for the attack. Experts had warned about the risks associated with third-party service providers like IMS, which manage critical financial data.
Looking Ahead: Strengthening Cybersecurity Measures
As part of its response, Infosys has strengthened cybersecurity frameworks and implemented additional security measures to prevent future breaches. The company reiterated its commitment to safeguarding client data and enhancing cybersecurity protocols across its global operations.
The finalization of the settlement will mark a critical step in resolving legal and financial ramifications stemming from the 2023 cyberattack. Investors and stakeholders will be closely watching how Infosys manages future cybersecurity challenges and regulatory compliance.
Follow The420.in on
Telegram, Facebook, Twitter, LinkedIn, Instagram and YouTube