Infosys McCamish Systems LLC, a US subsidiary of Infosys, has agreed to pay $17.5 million to settle claims related to a 2023 data breach that exposed the personal information of over 3.7 million individuals. The breach, which occurred between October 29 and November 2, 2023, compromised highly sensitive information, including Social Security numbers, medical details, and financial account records. The plaintiffs alleged that Infosys McCamish failed to maintain industry-standard cybersecurity protections, leaving customer information vulnerable to attack.
The settlement covers all individuals whose data was exposed during the breach, including those who received a notification letter. Eligible individuals may be entitled to reimbursement for actual losses, preventive credit monitoring, and residual cash payouts. Victims with documented financial losses can seek reimbursement of up to $6,000, while those without losses can access two years of complimentary credit monitoring. Additionally, all claimants may be eligible for a residual cash payment, currently estimated at $30 but capped at $599 per person.
The claims process is managed by Kroll Settlement Administration LLC, and filing can be done online or by mailing a paper form. The claim submission deadline is December 1, 2025, and the final approval hearing is scheduled for December 18, 2025. The court will make the final decision on settlement approval, and payouts and benefits will only be distributed after approval and resolution of any appeals.
The lawsuit, titled McNally, et al. v. Infosys McCamish Systems LLC, is being heard in the US District Court for the Northern District of Georgia. Class counsel includes attorneys from several law firms, while defense counsel for Infosys McCamish comes from Wilson Sonsini Goodrich & Rosati P.C. The settlement administrator has emphasized that fraudulent claims will harm eligible class members and are prohibited, and claimants are urged to provide accurate information under penalty of perjury.
The data breach has raised broader questions about data safety in the insurance and retirement industries, given McCamish’s partnerships with over 40 major insurance providers. The settlement highlights the importance of maintaining industry-standard cybersecurity protections to prevent such breaches and protect customer information. The case is a reminder that companies have a responsibility to safeguard sensitive information and that individuals have a right to expect their data to be protected.