February 13, 2024 at 12:31AM
Infosys’s US subsidiary, IMS, suffered a cyber security incident, resulting in a data breach. Personal data of 57,028 people, including Social Security Numbers, was exposed. The breached information includes names, addresses, birth dates, and other sensitive account details, potentially putting victims at risk of identity fraud. The alleged involvement of the LockBit ransomware gang adds further concern.
From the meeting notes, it is clear that Infosys, specifically its US subsidiary Infosys McCamish Systems LLC, suffered a data breach resulting in non-availability of certain applications and systems. The breach involved the improper access of personal information, including social security numbers, of 57,028 individuals serviced by Bank of America. The impacted individuals received a notification letter which indicated that their personal information, such as names, addresses, business email addresses, dates of birth, social security numbers, and other account information, may have been compromised.
Additionally, the breach potentially exposed sensitive financial information related to deferred compensation plans, retirement savings plans, and awards of stock options. There are concerns about identity fraud, considering the nature of the compromised data. It has been alleged that the LockBit ransomware-as-a-service gang was behind the incident, which aligns with a potential ransomware attack.
It is noted that victims have been advised to change passwords, monitor their accounts for suspicious activity, and are being offered two years of free identity theft protection services from Experian. As of now, there has been no response from Infosys regarding this incident.
Please let me know if there are any specific action items or follow-ups needed regarding this information.