Company Details
LinkedIn ID: infosys-bpm
Employees: 43,598
LinkedIn followers: 2,388,456
NAICS code: 5415
Website: infosysbpm.com
0
INF_1064000
In-progress


Infosys BPM Vendor Cyber Rating & Cyber Score
Infosys BPM Ltd., the business process management subsidiary of Infosys Ltd. (NYSE: INFY), was set up in April 2002. Infosys BPM focuses on integrated end-to-end outsourcing and delivers transformational benefits to its clients through reduced costs, ongoing productivity improvements, and process re-engineering. Infosys BPM operates in India, Poland, the Czech Republic, the Netherlands, Ireland, South Africa, Brazil, Mexico, Costa Rica, the United States, Puerto Rico, China, the Philippines, Singapore, and Australia. Infosys BPM has been consistently ranked among the leading BPM companies and has received over 60 awards and recognitions in the last 5 years from key industry bodies and forums like the International Association of Outsourcing Professionals, Outsourcing Center, SSON, and NOA, among others. Infosys BPM also has very robust people practices, as substantiated by the various HR-specific awards it has won over the years. The company has consistently been ranked among the top employers of choice, on the basis of its industry-leading HR best practices. The company’s senior leaders contribute widely to industry forums as BPO strategists.
Between 800 and 849

Infosys BPM Global Score (TPRM)XXXX

Description: Infosys McCamish Systems experienced a data breach resulting from a LockBit ransomware attack, impacting over 6 million individuals. The breach saw unauthorized access to a substantial amount of sensitive personal data, including names, Social Security numbers, medical information, financial account information, and passport numbers. The incident led to the non-availability of certain applications and systems, and subsequent restoration and security measures resulted in at least $30 million in losses for the company. Additional costs are anticipated due to potential indemnities or damage claims.
Description: On November 2, 2023, Infosys McCamish Systems, LLC fell victim to a ransomware attack that encrypted critical systems, compromising personal information of individuals. The exposed data included names, though the exact number of affected individuals remains undisclosed. The incident was formally reported to the California Office of the Attorney General on July 19, 2024, nearly eight months after the breach occurred. The delay in disclosure raises concerns about the company’s incident response timeline and potential risks to affected parties, such as identity theft or phishing attempts targeting the leaked personal details. While the full scope of the attack, including whether additional sensitive data (e.g., financial records, Social Security numbers) was accessed, has not been confirmed, the encryption of systems suggests operational disruptions. Ransomware attacks of this nature often involve threats of data exfiltration or permanent encryption unless a ransom is paid, though the report does not specify whether such demands were made or met.
Description: The Maine Office of the Attorney General reported that Infosys McCamish Systems, LLC (IMS) experienced a data breach involving ransomware, affecting the personal information of 11,866 Maine residents. The breach was discovered on November 2, 2023, and the company began notifying individuals on June 27, 2024. Approximately 6,078,263 individuals were affected in total and identity theft protection services were offered for 24 months via Kroll.
Description: In late 2023, Infosys McCamish Systems LLC suffered a ransomware attack that led to a massive data breach, compromising the personal, biometric, financial, and protected health information of approximately 3.7 million individuals in the U.S. The breach exposed sensitive data, resulting in a $17.5 million class-action settlement to address claims of identity theft risks, financial fraud, and inadequate security measures. Victims were offered up to $6,000 in reimbursements for documented losses (e.g., fraud, legal fees, credit monitoring) and two years of credit monitoring with $1 million identity theft insurance. The lawsuit alleged failure to protect data and delayed breach notifications, though the company denied liability. The attack’s scale and the highly sensitive nature of leaked data, including health and financial records, posed severe risks to affected individuals, leading to legal and reputational consequences for the company.


No incidents recorded for Infosys BPM in 2026.
Infosys BPM cyber incidents detection timeline including parent company and subsidiaries



The settlement will resolve all class-action suits and the fallout from the data breach that occurred due to a ransomware attack at Infosys...
Infosys BPM will host a walk-in interview on August 12 in Bengaluru, seeking candidates for technology support and AI roles.
Infosys has opened a new Center for Advanced AI, Cybersecurity, and Space Technology at its Hubballi Development Center in North Karnataka.
BENGALURU: Infosys McCamish Systems (IMS), a subsidiary of Infosys BPM, entered a stipulation and consent order with the State of Vermont's...
Infosys McCamish Systems (IMS), a subsidiary of Infosys BPM, and the State of Vermont, Department of Financial Regulation (DFR) have entered...
Under the proposed terms, Narayana Murthy led Infosys McCamish Systems had agreed to pay USD 17.5 million into a fund to settle all the...
TH Global Capital, an award-winning global boutique investment bank with a presence in 13 countries, has closed four high profile deals in...
In this Leaders Speak edition, Brijesh Balakrishnan (VP & Global Head of Cybersecurity, Infosys) and Kristy Fredericks (Chief Partnership...
The acquisition strengthens Infosys' cybersecurity capabilities while bolstering its presence in the fast-growing Australian market,...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Infosys BPM is https://www.infosysbpm.com.
According to Rankiteo, Infosys BPM’s AI-generated cybersecurity score is 814, reflecting their Good security posture.
According to Rankiteo, Infosys BPM currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Infosys BPM has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, Infosys BPM is not certified under SOC 2 Type 1.
According to Rankiteo, Infosys BPM does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Infosys BPM is not listed as GDPR compliant.
According to Rankiteo, Infosys BPM does not currently maintain PCI DSS compliance.
According to Rankiteo, Infosys BPM is not compliant with HIPAA regulations.
According to Rankiteo, Infosys BPM is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Infosys BPM operates primarily in the IT Services and IT Consulting industry.
Infosys BPM employs approximately 43,598 people worldwide.
Infosys BPM presently has no subsidiaries across any sectors.
Infosys BPM’s official LinkedIn profile has approximately 2,388,456 followers.
Infosys BPM is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
No, Infosys BPM does not have a profile on Crunchbase.
Yes, Infosys BPM maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/infosys-bpm.
As of March 28, 2026, Rankiteo reports that Infosys BPM has experienced 4 cybersecurity incidents.
Infosys BPM has an estimated 39,819 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Total Financial Loss: The total financial loss from these incidents is estimated to be $47.50 million.
Detection and Response: The company's detection of and response to cybersecurity incidents involved third-party assistance from Kroll and from Kroll Settlement Administration LLC (claims processing); an activated incident response plan (settlement implies post-breach actions); remediation measures consisting of the class action settlement ($17.5M) and credit monitoring for affected individuals; and a communication strategy of settlement notices to class members and public disclosure via the settlement website.
Title: Infosys McCamish Systems Data Breach
Description: Infosys McCamish Systems experienced a data breach resulting from a LockBit ransomware attack, impacting over 6 million individuals. The breach saw unauthorized access to a substantial amount of sensitive personal data, including names, Social Security numbers, medical information, financial account information, and passport numbers. The incident led to the non-availability of certain applications and systems, and subsequent restoration and security measures resulted in at least $30 million in losses for the company. Additional costs are anticipated due to potential indemnities or damage claims.
Type: Data Breach
Attack Vector: Ransomware
Threat Actor: LockBit

Title: Infosys McCamish Systems Data Breach
Description: Infosys McCamish Systems, LLC (IMS) experienced a data breach involving ransomware, affecting the personal information of 11,866 Maine residents. The breach was discovered on November 2, 2023, and the company began notifying individuals on June 27, 2024. Approximately 6,078,263 individuals were affected in total and identity theft protection services were offered for 24 months via Kroll.
Date Detected: 2023-11-02
Date Publicly Disclosed: 2024-06-27
Type: Data Breach
Attack Vector: Ransomware

Title: Ransomware Incident at Infosys McCamish Systems, LLC
Description: The California Office of the Attorney General reported that Infosys McCamish Systems, LLC experienced a ransomware incident that encrypted certain systems on November 2, 2023. The breach affected personal information, including names, of individuals; however, the specific number of individuals affected is unknown.
Date Detected: 2023-11-02
Date Publicly Disclosed: 2024-07-19
Type: ransomware

Title: Infosys McCamish Systems LLC Ransomware Attack and Data Breach (2023)
Description: Infosys McCamish Systems LLC experienced a ransomware attack in late 2023, compromising the personal, biometric, financial, and protected health information of approximately 3.7 million individuals. The company agreed to a $17.5 million class action settlement to resolve allegations of inadequate data protection and delayed breach notification.
Date Detected: 2023-10-29
Type: Data Breach
Attack Vector: Ransomware
Motivation: Financial Gain, Data Theft

Common Attack Types: The most common type of attack the company has faced is Ransomware.

Financial Loss: $30 million
Data Compromised: Names, Social security numbers, Medical information, Financial account information, Passport numbers
Systems Affected: certain applications and systems
Legal Liabilities: potential indemnities or damage claims

Data Compromised: Personal information (including names)
Systems Affected: certain systems (encrypted)
Identity Theft Risk: potential (personal information exposed)

Financial Loss: $17.5 million (settlement fund)
Data Compromised: Personal information, Biometric data, Financial information, Protected health information (PHI)
Customer Complaints: Class action lawsuit filed by affected individuals
Brand Reputation Impact: Significant (class action settlement, public disclosure of breach)
Legal Liabilities: $17.5 million settlement, attorneys' fees up to $5.83 million, potential regulatory fines
Identity Theft Risk: High (3.7 million individuals affected, credit monitoring offered)
Payment Information Risk: Yes (financial information compromised)
Average Financial Loss: The average financial loss per incident is $11.88 million.
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Medical Information, Financial Account Information, Passport Numbers, Personal Information, Personal Information (Names), Biometric Data, Financial Information and Protected Health Information (PHI).

Entity Name: Infosys McCamish Systems
Entity Type: Company
Industry: Technology
Customers Affected: over 6 million individuals

Entity Name: Infosys McCamish Systems, LLC
Entity Type: Company
Industry: Technology
Customers Affected: 6078263

Entity Name: Infosys McCamish Systems, LLC
Entity Type: company
Customers Affected: unknown

Entity Name: Infosys McCamish Systems LLC
Entity Type: Subsidiary (BPO/IT Services)
Industry: Information Technology, Business Process Outsourcing, Insurance Services
Location: United States
Customers Affected: 3.7 million individuals

Third Party Assistance: Kroll

Incident Response Plan Activated: Yes (settlement implies post-breach actions)
Third Party Assistance: Kroll Settlement Administration LLC (Claims Processing)
Remediation Measures: Class action settlement ($17.5M), Credit monitoring for affected individuals
Communication Strategy: Settlement notices to class members, Public disclosure via settlement website
Incident Response Plan: The company's incident response plan is described as Yes (settlement implies post-breach actions).
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll and Kroll Settlement Administration LLC (claims processing).

Type of Data Compromised: Names, Social security numbers, Medical information, Financial account information, Passport numbers
Number of Records Exposed: over 6 million
Sensitivity of Data: high
Personally Identifiable Information: names, Social Security numbers, passport numbers

Type of Data Compromised: Personal Information
Number of Records Exposed: 6078263
Sensitivity of Data: High

Type of Data Compromised: Personal information (names)
Number of Records Exposed: unknown
Sensitivity of Data: moderate (personal identifiers)
Data Encryption: yes (ransomware encryption)
Personally Identifiable Information: yes (names)

Type of Data Compromised: Personal information, Biometric data, Financial information, Protected health information (PHI)
Number of Records Exposed: 3,700,000
Sensitivity of Data: High (includes PHI, biometrics, financial data)
Data Exfiltration: Yes
Personally Identifiable Information: Names, Addresses, Social Security Numbers, Biometric Data, Financial Account Information, Health Records
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Class action settlement ($17.5M), Credit monitoring for affected individuals.

Ransomware Strain: LockBit

Data Encryption: yes

Data Encryption: Yes (implied by ransomware attack)
Data Exfiltration: Yes

Regulatory Notifications: California Office of the Attorney General (reported on 2024-07-19)

Regulations Violated: Potential HIPAA (PHI exposure), State data breach notification laws (untimely notice)
Legal Actions: Class action lawsuit (settled for $17.5M)
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit (settled for $17.5M).

Source: Maine Office of the Attorney General

Source: California Office of the Attorney General
Date Accessed: 2024-07-19

Source: Class Action Settlement Notice (McNally v. Infosys McCamish Systems LLC)

Source: Kroll Settlement Administration LLC
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Maine Office of the Attorney General; California Office of the Attorney General (Date Accessed: 2024-07-19); Class Action Settlement Notice (McNally v. Infosys McCamish Systems LLC); and Kroll Settlement Administration LLC.

Investigation Status: Settled (class action lawsuit resolved)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Settlement Notices To Class Members and Public Disclosure Via Settlement Website.

Stakeholder Advisories: Settlement Notices Sent To 3.7M Affected Individuals.
Customer Advisories: Credit monitoring offered (2 years, $1M identity theft insurance), Cash payments up to $6,000 for documented losses, $30 residual cash payment per claimant
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Settlement Notices Sent To 3.7M Affected Individuals, Credit Monitoring Offered (2 Years, $1M Identity Theft Insurance), Cash Payments Up To $6,000 For Documented Losses and $30 Residual Cash Payment Per Claimant.

High Value Targets: Personal Data, Biometric Data, Financial Data, PHI
Data Sold on Dark Web: Personal Data, Biometric Data, Financial Data, PHI

Root Causes: Inadequate Data Protection Measures, Delayed Breach Notification
Corrective Actions: $17.5M Settlement Fund, Credit Monitoring For Affected Individuals, Legal Compliance Improvements (Implied)
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll, Kroll Settlement Administration LLC (Claims Processing).
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: $17.5M Settlement Fund, Credit Monitoring For Affected Individuals, Legal Compliance Improvements (Implied).
Last Attacking Group: The attacking group in the last incident was LockBit.
Most Recent Incident Detected: The most recent incident detected was on 2023-11-02.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-07-19.
Highest Financial Loss: The highest financial loss from an incident was $30 million.
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, medical information, financial account information, passport numbers, Personal Information, personal information (including names), Biometric Data, Financial Information and Protected Health Information (PHI).
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll and Kroll Settlement Administration LLC (claims processing).
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Protected Health Information (PHI), personal information (including names), Financial Information, names, medical information, Social Security numbers, passport numbers, Biometric Data, financial account information and Personal Information.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 9.7M.
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit (settled for $17.5M).
Most Recent Source: The most recent sources of information about an incident are Class Action Settlement Notice (McNally v. Infosys McCamish Systems LLC), Maine Office of the Attorney General, Kroll Settlement Administration LLC and California Office of the Attorney General.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Settled (class action lawsuit resolved).
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Settlement notices sent to 3.7M affected individuals.
Most Recent Customer Advisory: The most recent customer advisories issued were Credit monitoring offered (2 years, $1M identity theft insurance), Cash payments up to $6,000 for documented losses and $30 residual cash payment per claimant.
A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible to be carried out remotely.
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which generates a valid password reset token for the currently logged-in user viewing the page. This makes it possible for authenticated attackers, with Contributor-level access and above, to craft a malicious pending post that, when previewed by an Administrator, generates a password reset token for the Administrator and exfiltrates it to an attacker-controlled server, leading to full account takeover.
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the code expected a string. This was fixed in v3.3.0. A workaround is available. Users importing keys through a JWK file should not do so from untrusted sources. Use the `jwk2key` tool to check for validity of a JWK file. Likewise, if possible, do not use JWK files with RSA-PSS keys.
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the `parse_str` function of the npm package locutus. An attacker can pollute `Object.prototype` by overriding `RegExp.prototype.test` and then passing a crafted query string to `parse_str`, bypassing the prototype pollution guard. This vulnerability stems from an incomplete fix for CVE-2026-25521. The CVE-2026-25521 patch replaced the `String.prototype.includes()`-based guard with a `RegExp.prototype.test()`-based guard. However, `RegExp.prototype.test` is itself a writable prototype method that can be overridden, making the new guard bypassable in the same way as the original — trading one hijackable built-in for another. Version 3.0.25 contains an updated fix.
