Narayan AmmachchiIndian technology giant Infosys has agreed to a $17.5 million settlement to resolve multiple lawsuits filed against its subsidiary, McCamish Systems (IMS), following a ransomware attack nearly two years ago.
Under the terms of the settlement, Infosys will contribute $17.5 million to a fund designated for resolving these claims, the company confirmed.
The cyberattack, carried out by the LockBit ransomware group in late October 2023, compromised IMS servers and exposed sensitive data belonging to over 6.5 million individuals.
The breach disrupted critical financial and insurance services, rendering key applications inaccessible. LockBit encrypted more than 2,000 devices and exfiltrated confidential information, forcing IMS to suspend affected systems for nearly two months until full restoration on December 31, 2023.
The stolen data included Social Security numbers, medical and biometric records, financial account details, payment card information, passports, tribal identification, and U.S. military ID numbers.
In February 2024, LockBit publicly claimed responsibility for the breach and released the stolen data, impacting several clients, including Bank of America, which initially reported exposure of 57,000 customer records.
“The settlement will resolve all allegations raised in the class action lawsuits without any admission of liability,” IMS said in a statement. However, industry analysts note that the agreement is subject to approval by U.S. courts.
Add comment