Infosys to pay $17.5 million to settle data breach case in BPM unit

Infosys will pay $17.5 million to settle a class-action lawsuit against one of its business process management (BPM) units arising out of a cybersecurity incident in 2023.

 

Some of the data of Infosys McCamish Systems, a unit of Infosys BPM, was breached between October and November 2023, leading to the non-availability of certain systems and applications in McCamish.

 

McCamish, bought by Infosys BPM in 2009, is a platform-based BPO firm that provides life insurance and retirement software solutions and service offerings in the US.

 

“The proposed terms are subject to confirmation and due diligence by the plaintiffs, finalisation of the terms of the settlement agreement, as well as preliminary and final court approval. Once approved, the settlement will resolve all allegations made in the class-action lawsuits without admission of any liability,” Infosys said in a statement on Friday.

 

 

The data breach affected about 57,000 Bank of America (BofA) customers, one of the largest clients of India’s second-largest IT services company. Some of the data that was affected included sensitive customer information, including names, addresses, social security numbers, and other account details related to BofA's deferred compensation plan.

 

Infosys said last year that the breach resulted in loss of contracted revenues and $38 million in costs with respect to remediation, restoration, communication efforts, investigative processes and analysis, and legal services as of March 31, 2024.