Tuesday, March 25, 2025
HomeCyber Security NewsInfosys to Pay $17.5M in Settlement for 2023 Data Breach

Infosys to Pay $17.5M in Settlement for 2023 Data Breach

Published on

SIEM as a Service

Follow Us on Google News

Infosys, a leading IT services company, has announced that it has reached an agreement in principle to settle a series of class action lawsuits related to a data breach incident involving its subsidiary, Infosys McCamish Systems LLC.

The proposed settlement involves a payment of $17.5 million to resolve all allegations without admitting liability.

Background of the Incident

The data breach occurred in 2023, prompting the filing of six class action lawsuits in the United States against Infosys McCamish Systems LLC and some of its customers.

These lawsuits were initiated by plaintiffs who claimed that the breach led to significant losses and vulnerabilities in the handling of sensitive data.

In a statement dated March 14, 2025, Infosys revealed that the settlement agreement was reached during mediation on March 13, 2025.

Under the terms of this agreement, Infosys McCamish will contribute $17.5 million into a fund to settle all pending lawsuits.

The settlement still requires finalization of its terms, confirmation by the plaintiffs, and both preliminary and final court approval.

This settlement marks a significant step towards resolving the legal challenges faced by Infosys following the cyber incident.

By settling without admitting any liability, Infosys aims to move forward without the uncertainties associated with prolonged legal processes.

Quotes from Officials

While specific quotes from Infosys officials are not available in the latest update, the company’s commitment to transparency is evident from its regular communications regarding the case.

“This is for your information and records,” states A.G.S. Manikantha, Company Secretary of Infosys Limited. The settlement agreement will be hosted on the company’s website, indicating a commitment to keeping stakeholders informed.

The resolution of these lawsuits will likely enhance the company’s reputation for handling cybersecurity incidents effectively, even though it does not admit liability.

It demonstrates Infosys’s proactive approach to addressing legal disputes and underscores its focus on maintaining trust with clients and stakeholders.

The settlement aligns with industry trends where companies increasingly opt for early settlement rather than risking protracted legal battles.

This approach can help mitigate long-term reputational damage and financial uncertainty associated with ongoing litigation.

Infosys’s decision to settle the class action lawsuits for $17.5 million reflects its commitment to resolving disputes and ensuring continuity in its operations.

As the settlement progresses through the necessary approvals, Infosys will likely continue to emphasize its commitment to improving cybersecurity measures to prevent similar incidents in the future.

This settlement marks a crucial step in the aftermath of the 2023 data breach, showcasing Infosys’s strategic approach to managing legal and reputational risks in the complex landscape of technology and cybersecurity.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Ingress NGINX RCE Vulnerability Allows Attackers to Compromise Entire Cluster

A series of remote code execution (RCE) vulnerabilities known as "IngressNightmare" have been discovered...

Hackers Deploy Fake Semrush Ads to Steal Google Account Credentials

In a recent cybersecurity threat, hackers have been using fake Semrush ads to target...

Pocket Card Users Targeted in Sophisticated Phishing Campaign

A new phishing campaign targeting Japanese Pocket Card users has been uncovered by Symantec....

Albabat Ransomware Expands Reach to Target Linux and macOS Platforms

A recent report from Trend Micro has revealed that a new variant of the...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Ingress NGINX RCE Vulnerability Allows Attackers to Compromise Entire Cluster

A series of remote code execution (RCE) vulnerabilities known as "IngressNightmare" have been discovered...

Hackers Deploy Fake Semrush Ads to Steal Google Account Credentials

In a recent cybersecurity threat, hackers have been using fake Semrush ads to target...

Pocket Card Users Targeted in Sophisticated Phishing Campaign

A new phishing campaign targeting Japanese Pocket Card users has been uncovered by Symantec....