Infosys McCamish hack exposes data of over 6 million customers

The incident compromised the personal data of customers, including sensitive information such as Social Security Numbers and medical records, with unauthorised activity traced back to late October 2023.

Last year, a cyberattack on Infosys McCamish Systems affected over six million customers, as revealed in a new filing with data protection authorities. The breach, first reported in February, was traced back to November 2023, with unauthorised activity occurring between 29 October and 2 November 2023.

The compromised data includes Social Security Numbers, birth dates, medical records, biometric data, email addresses, usernames and passwords, driver’s license or state ID numbers, financial account details, payment card information, passport numbers, tribal ID numbers, and US military ID numbers.

Infosys McCamish Systems, an outsourcing service provider for financial and insurance companies, began notifying affected customers on 27 June, several months after the incident. With the help of third-party eDiscovery experts, the company conducted a thorough review to identify the compromised personal information and its owners.

The company has informed impacted organisations and is offering 24 months of credit monitoring to affected individuals, although there is not yet any evidence that the stolen information has been used fraudulently. The LockBit ransomware group is believed to be behind the attack, which encrypted over 2,000 computers. The stolen data is expected to be used for phishing and identity fraud.