Infosys McCamish Systems LLC, a subsidiary of the Indian IT giant Infosys Ltd based in the U.S., has agreed to pay a civil penalty of $125,000 due to a cybersecurity investigation by the New York Department of Financial Services (NYDFS). This action follows a ransomware attack in 2020 that compromised critical client data. The NYDFS highlighted that the Atlanta-based unit failed to report the incident promptly and lacked adequate cybersecurity measures as mandated by New York’s Cybersecurity Regulation.
The breach affected over 5 million consumer records, impacting clients, including a major life insurance company. Although there were no consumer complaints or confirmed data misuse, regulators pointed out the company’s failure to implement multi-factor authentication and timely patch management. The penalty was imposed after Infosys McCamish acknowledged deficiencies in its cybersecurity governance and agreed to enhance internal controls and conduct regular audits to prevent future breaches.
This enforcement underscores NYDFS’s commitment to stringent cybersecurity measures amid increasing digital threats affecting financial institutions and service providers. Infosys stated that it has fully cooperated with the investigation and has since bolstered its cybersecurity infrastructure, including upgraded authentication systems and real-time threat monitoring.
Experts in cybersecurity view this case as a crucial reminder for tech service providers handling sensitive financial data. With stricter regulations, compliance with data protection standards is expected to become a key operational focus for the IT services sector.
