Infosys Data Breach Exposes Sensitive Employee Data via Third-Party Vendor A data breach at Infosys Ltd., a global IT services and consulting giant, has exposed sensitive personal and financial information of employees through a third-party vendor. The incident, traced to ESOP Direct the administrator of Infosys’ employee share scheme occurred on October 29, 2025, but was only disclosed to the Massachusetts Attorney General’s office on March 12, 2026. The breach compromised data belonging to at least 17 Massachusetts residents, though the total number of affected individuals across other states remains unspecified. Exposed information includes names, addresses, phone numbers, transaction receipts, bank identifier codes, payment amounts, bank account details, and government IDs. Infosys, headquartered in Bengaluru, India, is a Fortune 500 company with over 250,000 employees and operations in 50+ countries, providing IT services, digital banking solutions, and consulting. The firm, listed on the New York Stock Exchange, has faced scrutiny as legal teams investigate potential compensation claims for affected individuals. The incident highlights risks associated with third-party vendors handling sensitive employee data, particularly in global enterprises. Further details on the breach’s scope and remediation efforts are pending.

Infosys Limited's U.S. subsidiary, Infosys McCamish Systems LLC, experienced a significant data breach involving unauthorized access and data exfiltration that compromised personal information of approximately 6.5 million individuals in the U.S. The incident, claimed by the LockBit ransomware group, led to encryption of corporate systems and a ransom demand. Personal data leaked included names, Social Security numbers, financial accounts, and medical data of clients from major financial institutions. The breach led to substantial financial loss for Infosys, including $38 million in remediation costs and reputational damage.

India-based IT consulting giant, Infosys, has faced legal challenges due to a data breach in its U.S. subsidiary, McCamish Systems, during November 2023. This breach, which compromised the personal information of approximately 6.5 million individuals, affected customers of Bank of America and Fidelity Investment Life Insurance. A consolidated class action lawsuit was filed, claiming representation of all U.S. residents whose data was exposed. Infosys has agreed to a settle the matter with a $17.5 million payment, which aims to cover remediation efforts and legal claims, appeasing the affected customers and potentially mitigating further financial and reputational damage.