Infosys subsidiary McCamish Systems hit by cyberattack and data breach of 6M, possibly by ransomware
Learn More
McCamish Systems, a subsidiary of Infosys operating in the United States, has experienced a cybersecurity breach suspected to be a ransomware attack. Infosys has not provided any details on the extent or specifics of the cyber incident.
Cybersecurity researchers discovered that the attack seems to involve a ransomware variant, but the full scope of the incident will only be known after a detailed examination is completed. Infosys McCamish Systems, known for its strong stance on data security, is currently taking actions to control the risks associated with this security breach.
In a recent stock exchange communication, Infosys reported that McCamish Systems encountered a cybersecurity event which led to the disruption of certain applications and systems. McCamish Systems, specializing in BPO services for the financial sector and a seller of software to specific industry clients, joined Infosys BPM in 2009.
The incident at McCamish Systems has sparked speculative discussions on forums like Reddit, with comments humorously suggesting that the attack could be a reaction to a controversial call by Narayana Murthy, a co-founder of Infosys for increased work hours in India's IT sector. Infosys has not responded so far.
Update - as of 21st of November, Infosys McCamish Systems is resolving the cybersecurity breach that halted multiple retirement and insurance platforms, though account updates for participants are still pending. While the restoration of systems is underway and no participant data has been exposed, concerns about asset-liability mismatches due to the attack persist, with potential impacts on nonqualified compensation plans and the potential for paper forms to replace digital transactions. Infosys, which has not commented on the specifics of the breach, may face financial consequences, including possible claims on their cybersecurity insurance.
As of 25th of June 2024, Infosys McCamish Systems reported that Union Labor Life Insurance customers were affected by the data breach and notified them.
As of 28th of June 2024, Infosys McCamish Systems reported that the total number of affected individuals is over six million. With the help of third-party eDiscovery experts, IMS conducted a review to identify the personal information compromised and the individuals affected.
The types of data confirmed as compromised vary but include:
- Social Security Number (SSN)
- Date of birth
- Medical treatment/record information
- Biometric data
- Email address and password
- Username and password
- Driver’s License number or state ID number
- Financial account information
- Payment card information
- Passport number
- Tribal ID number
- U.S. military ID number
IMS has notified the impacted organizations and individuals about the data compromise and is offering two years of free identity protection and credit monitoring services through Kroll. While IMS has not disclosed all affected clients, it confirmed the involvement of Oceanview Life and Annuity Company (OLAC), an Arizona-based annuities provider
