Infosys unit in US to pay $125,000 penalty in cybersecurity probe

BENGALURU: Infosys McCamish Systems (IMS), a subsidiary of Infosys BPM, entered a stipulation and consent order with the State of Vermont’s Department of Financial Regulation (DFR) for failing to provide timely and accurate information during an investigation into a 2023 cybersecurity incident and delayed notifying affected data owners. Infosys McCamish Systems entered the stipulation and consent order to resolve the matter without a hearing. The order records that Infosys McCamish Systems does not admit the existence of the alleged violations.“Within 30 calendar days of the entry of this stipulation and consent order by the Commissioner, Infosys McCamish Systems is required to pay an administrative penalty of $125,000,” a recent stock exchange filing showed.In March, IMS agreed to contribute $17.5 million to a settlement fund to resolve class-action lawsuits related to the same cybersecurity breach. The settlement covers claims against IMS and several of its customers.McCamish Systems was impacted by a cybersecurity incident in 2023 that resulted in the non-availability of certain applications and systems in McCamish. Infosys McCamish is a platform-based BPO firm that provides services to the financial services sector, supporting life insurance and annuity products and retirement plans.