Infosys McCamish Systems (IMS), a subsidiary of Infosys BPM, has agreed to pay $17.5 million (₹150 crore) to settle lawsuits related to a 2023 cybersecurity breach involving the LockBit ransomware gang. The breach compromised thousands of customer records, leading to financial losses estimated at $30 million (₹250 crore). The settlement, which requires final court approval, seeks to resolve legal disputes without IMS admitting liability.
The data breach occurred between October and November 2023, affecting IMS’s systems and applications. The attack disrupted operations and exposed sensitive customer data, including that of Bank of America (BofA), one of Infosys’ largest clients. BofA confirmed that 57,028 customers' personal information, such as names, addresses, and social security numbers, was compromised.
IMS, acquired by Infosys BPM in 2009, provides life insurance and retirement software solutions in the US market. The ransomware attack not only disrupted services but also impacted IMS’s credibility, prompting legal action from affected parties.
Infosys stated that the settlement terms are subject to finalization, due diligence, and court approval. Once approved, it will resolve all class-action lawsuits related to the breach. The company also reported $38 million in costs linked to remediation, system restoration, legal fees, and investigative efforts as of March 31, 2024.
The incident underscores the growing cybersecurity risks faced by global IT firms and highlights the financial and reputational damage resulting from data breaches.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
