Infosys McCamish Systems Faces Penalty in Cybersecurity Probe

BENGALURU: Infosys McCamish Systems (IMS), a key subsidiary of Infosys BPM, has agreed to a $125,000 penalty following a stipulation and consent order with the State of Vermont's Department of Financial Regulation (DFR). This action stems from the company's failure to provide timely and accurate information during an investigation into a 2023 cybersecurity incident and delays in notifying affected individuals.

Details of the Settlement

The order, which resolves the matter without a hearing, notes that Infosys McCamish Systems does not admit to the alleged violations. The company is required to pay the administrative penalty within 30 calendar days of the order's entry by the Commissioner.

Previous Settlements and Impact

Earlier in March, IMS agreed to contribute $17.5 million to a settlement fund addressing class-action lawsuits related to the same cybersecurity breach. This settlement encompasses claims against IMS and several of its clients. The 2023 cybersecurity incident led to the temporary unavailability of certain applications and systems within McCamish, a platform-based BPO firm specializing in services for the financial sector, including life insurance, annuity products, and retirement plans.