infosys ransomware

IT consulting company Infosys yesterday confirmed it notified 6,078,263 people about an October 29, 2023 data breach that compromised customer data held by several of its clients including Bank of America, Fidelity, and Union Labor Life Insurance.

The attack targeted Infosys McCamish, a subsidiary of Infosys that focuses on life insurance. The compromised data likely varies by client, but it included Social Security numbers, dates of birth, medical records, biometric data, email addresses, passwords, driver’s license, financial account information, payment card info, passport numbers, tribal ID numbers, and military ID numbers, according to the notification.

Ransomware group LockBit claimed responsibility for the attack on November 4, 2023, saying it stole 50 GB of data. According to the post on LockBit’s leak site, Infosys offered LockBit $50,000 in exchange for not selling or publicly releasing the data. That offer was not enough to satisfy LockBit, which said it would sell the data at a starting bid of $500,000.

In April, Infosys announced $38 million in losses following the cybersecurity breach. At the time, it estimated (PDF) 6.5 million people were affected. It further mentioned phone numbers, usernames, policy numbers, and salaries were among the compromised data.

Comparitech contacted Infosys for comment and will update this article if it responds.

We recommend victims take advantage of the free identity theft monitoring service offered by Infosys via Kroll. Monitor your credit reports, bank statements, and medical bills for suspicious activity.

The data breach notification comes just one day after the CEO of Infosys settled an Indian regulator’s charge of failing to prevent insider trading.

Who is LockBit?

LockBit is one of the most high-profile ransomware gangs ever, with a slew of high-profile attacks under its belt.

Since 2018, we’ve tracked 411 confirmed attacks claimed by LockBit, affecting more than 18.5 million records. LockBit’s average ransom is $13.3 million. 47 of those attacks took place this year, and 209 occurred in 2023. We’ve also logged a further 359 unconfirmed claimed by LockBit this year so far.

LockBit recently claimed an attack on Evolve Bank & Trust, which caused a stir this week after it initially suggested it had hacked the Federal Reserve.

Ransomware attacks on US finance

A ransomware attack on a financial business, e.g. a bank, insurance company, or accounting firm, can bring down critical systems and put crucial sensitive data at risk.

In 2023, we tracked 54 attacks on US finance organizations, affecting 10,738,341 records. This makes the attack on Infosys the biggest of the year in this sector and the second biggest since we started recording ransomware attacks in 2018. The biggest was an attack on LoanDepot’s earlier this year (16,924,071 records), claimed by ALPHV/BlackCat.

So far this year we’ve logged 15 attacks on the US financial sector, affecting 17,185,102 records. A further 69 remain unconfirmed.

About Infosys McCamish

Infosys is the second biggest IT company in India. Infosys McCamish is its subsidiary.

Infosys McCamish makes software for life insurers. According to its website, it has 750 associates and 34 customers.