Infosys McCamish Data Breach Lawsuit Says 6M People Impacted by Nov. 2023 Ransomware Attack [UPDATE]

New to ClassAction.org? Read our Newswire Disclaimer

Insurance software provider Infosys McCamish Systems faces a proposed class action lawsuit over a November 2023 data breach that reportedly impacted roughly six million people.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 83-page Infosys McCamish Systems data breach lawsuit shares that the Atlanta-based defendant, which provides services to dozens of insurance companies, began to inform victims—current and former customers of Infosys’s clients—in June that some of its systems were “encrypted by ransomware,” reportedly between October 29 and November 2, 2023.

Upon investigation, Infosys McCamish Systems learned that Social Security numbers, dates of birth, medical treatment/record information, biometric data, email addresses and passwords, driver’s license numbers, state IDs, financial account details, payment card specifics, passport numbers, tribal ID numbers and U.S. military member ID numbers were compromised in the data breach, the complaint says.

Omitted from the Infosys McCamish Systems data breach notice letter, which began to go out to victims around June 27, 2024, were the identities of those behind the cyberattack, details of the root cause of the incident, the vulnerabilities exploited, and the measures taken to ensure such an incident does not happen again, the filing asserts.

“This ‘disclosure’ amounts to no real disclosure at all, as it fails to inform, with any degree of specificity, Plaintiff and Class Members of the Data Breach’s critical facts. Without these details, Plaintiff’s and Class Members’ ability to mitigate the harms resulting from the Data Breach is severely diminished.”

The filing contends that Infosys McCamish was targeted with a cyberattack due to its position as a software vendor that collects and stores highly valuable private information, which the case alleges was housed by the defendant in a “reckless manner.”

“In particular, the Private Information was used and transmitted by Defendant in a condition vulnerable to cyberattacks. Upon information and belief, the mechanism of the cyberattack and potential for improper disclosure of Plaintiff’s and Class Members’ Private Information was a known risk to Defendant, and thus, Defendant was on notice that failing to take steps necessary to secure the Private Information from those risks left that property in a dangerous condition.”

According to the complaint, the ransomware attack has exposed Infosys McCamish Systems data breach victims to a heightened risk of identity theft and fraud, and consumers must now and in the future closely monitor their identities and accounts.

The filing claims Infosys McCamish Systems failed to utilize reasonable security procedures and practices appropriate to the nature of the sensitive information in its care.

The Infosys McCamish Systems class action looks to cover all United States residents whose private information was accessed and/or acquired by an unauthorized party as a result of the data breach reported by Infosys in June 2024.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.