Cyber Incident Victim: Infosys McCamish Systems

On or around November 1, 2023, Infosys McCamish Systems (IMS), a US-based subsidiary of Infosys, experienced a disruptive cybersecurity incident that compromised the availability of critical applications and systems. Infosys publicly disclosed the event on November 3, confirming operational disruptions at IMS due to the non-availability of affected infrastructure. The company initiated immediate response measures, including engaging a leading cybersecurity products provider to assist in resolving the incident. An independent investigation was launched to assess the scope of the breach, focusing on identifying compromised systems, evaluating data exposure risks, and determining potential impacts on IMS, other Infosys subsidiaries, and affiliated stakeholders. The cybersecurity event caused tangible business interruptions, though the parent company did not specify the duration or full extent of operational impairment at the time of disclosure.

Infosys emphasized data protection and cybersecurity as priorities while collaborating with external experts to restore systems and mitigate further damage. The investigation aimed to establish whether sensitive information was accessed or exfiltrated, though no conclusive findings were shared publicly in initial reports. The company notified investors about the breach, acknowledging its potential implications for business continuity and stakeholder trust. As a major global IT services provider with approximately 300,000 employees, Infosys highlighted the incident’s broader significance as a reminder of persistent cyber threats facing large enterprises despite sustained investments in defensive measures. The disruption underscored operational vulnerabilities inherent to interconnected digital infrastructures, with recovery efforts centered on system restoration and impact analysis without speculative attribution to threat actors or detailed disclosure of attack methodologies.