Another class action lawsuit was filed this month in the U.S. District Court for the Northern District of Georgia against Infosys’ BPO company, McCamish Systems LLC. The company disclosed the information in a filing with the U.S. Securities and Exchange Commission (SEC) on Wednesday night, weeks after the original lawsuit was filed.
McCamish originally suffered a cybersecurity incident in November 2023 that rendered certain applications and systems unavailable.
“On July 8, a separate class action complaint arising from the same incident was filed in the same court against McAmish. The complaint was purportedly filed on behalf of all US-resident individuals whose personal information was accessed and/or obtained by unauthorized third parties as a result of the incident. Separate from the aforementioned lawsuits, the Group is subject to lawsuits and claims arising in the ordinary course of its business,” the company said in its International Financial Reporting Standards (IFRS) report filed on July 18.
In a statement, the tech giant added that the group’s management does not expect such “routine” legal action to have a material adverse effect on its business or financial position.
The personal information of approximately 6.5 million people was compromised and exposed during this incident, including email and mailing addresses, phone numbers, dates of birth, Social Security and other identification numbers, usernames, passwords, financial and customer account numbers, insurance policy numbers, salaries, and personal medical information.
“However, not all information of all these individuals was accessed or exposed. McCamish has also identified corporate clients whose business data was subject to unauthorized access or exposure. We will notify affected clients and work with them to support their reporting obligations, as appropriate,” Infosys said in a BSE/NSE filing in April.
In an SEC filing in January, Infosys said it had initiated an incident response and engaged cybersecurity and other experts to assist with investigating, responding to and remediating the incident and restoring the affected applications and systems. “By December 31, 2023, McCamish, with the assistance of external experts, had remediated and restored the affected applications and systems,” the statement read.
The company reported a loss of Rs 2.5 billion in contract revenue and expenses to deal with repair, restoration and communication efforts.
McCamish added that a third-party cybersecurity firm analyzed the situation and said certain data, including customer data, was stolen by an unauthorized third party.
Three class action complaints were previously filed in the same court in March, May and June. After the first complaint was filed, McCamish moved to dismiss it in May. Following the timing of the filing of the second complaint, the plaintiffs in both class actions filed motions to consolidate the two lawsuits.
Infosys sent an email seeking comment on the CEO’s remarks during the company’s Q1FY25 earnings call. “McCamish is in the process of coordinating with the client to ensure all notices are provided. Additionally, we have notified the US state attorneys general and insurance commissioners,” Infosys CEO and MD Salil Parekh said.
X This is your last free article.
Source link
