Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Infosys McCamish Systems

Infosys McCamish Systems Vendor Cyber Rating & Cyber Score

infosysbpm.com

Infosys McCamish Systems, a U.S. based subsidiary of Infosys BPM, a part of Infosys (NYSE: INFY), is a leader in providing best in class technology platforms and service solutions for the financial services industry. With deep domain experience with Life Insurance companies, worksite product providers and retirement companies globally, we partner with our clients to help them stay ahead of the innovation curve. Infosys McCamish Systems offers flexible solutions through business process outsourcing, software as a service, and license models. Our clients can choose from one of these service models or operate with a combination of these models as their needs evolve. Our technology platforms and services combined with execution excellence


IMS A.I CyberSecurity Scoring

IMS
Company Information
Website:https://www.infosysbpm.com/mccamish.html
Employees number:483
Number of followers:21,031
NAICS:524
Industry Type:Insurance
Homepage:infosysbpm.com
IMS Risk Score (AI oriented)
Between 0 and 549
logo
IMSInsurance
Updated:
03/04/2026
100/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
IMS Global Score (TPRM)
xxxx
logo
IMSInsurance
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

IMS
IMSCritical
Current Score
100C (CRITICAL)
01000
5 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
100Before Incident
JUNE 2026
100Before Incident
MAY 2026
100Before Incident
APRIL 2026
100Before Incident
MARCH 2026
100Before Incident
FEBRUARY 2026
100Before Incident
JANUARY 2026
100Before Incident
DECEMBER 2025
100Before Incident
NOVEMBER 2025
100Before Incident
Breach
05 Nov 2025IMS
Ernst & Young (EY)

Ernst & Young (EY) Exposes 4TB Database Backup on Public Internet

100After Incident
HIGH0
ERN0755607110525
Ernst & Young (EY), a global accounting and consulting firm, inadvertently exposed a 4-terabyte (TB) SQL Server database backup on the public internet. The unsecured .BAK file, discovered by a Neo Security researcher, contained highly sensitive internal data, including database schemas, stored procedures, API keys, session tokens, user credentials, and service account passwords—effectively a 'master blueprint' to EY’s digital infrastructure. While EY confirmed the exposure and claimed no client, personal, or confidential data was compromised, the incident stemmed from an acquired entity under EY Italy, disconnected from its global systems. The file remained accessible for an estimated week before remediation, raising concerns about potential access by malicious actors. EY’s response was praised for professionalism, though the delayed fix highlighted operational vulnerabilities. The exposure risked unauthorized access to critical systems, credential theft, and potential lateral movement within EY’s network, though the firm asserted no evidence of exploitation.
INCIDENT DETAILS -
TYPE
data exposuremisconfiguration
IMPACT
internal database schemastored proceduresAPI keyssession tokensuser credentialsservice account passwordsSQL Server database backup (.BAK file)Brand Reputation Impact: potential reputational harm due to exposure of sensitive internal dataIdentity Theft Risk: high (due to exposed credentials and tokens)
DATA BREACH
internal database schemastored proceduresAPI keyssession tokensuser credentialsservice account passwordsSensitivity Of Data: high (internal credentials, tokens, and technical blueprints)Data Exfiltration: unknown (assumed possible due to public exposure)Data Encryption: no (file was unprotected).BAK (SQL Server backup)Personally Identifiable Information: no (per EY's statement)
OCTOBER 2025
100Before Incident
SEPTEMBER 2025
100Before Incident
AUGUST 2025
100Before Incident
JUNE 2024
100Before Incident
Ransomware
01 Jun 2024IMS
Infosys McCamish Systems

Infosys McCamish Systems Data Breach

100After Incident
CRITICAL0
MCC449070624
Infosys McCamish Systems experienced a data breach resulting from a LockBit ransomware attack, impacting over 6 million individuals. The breach saw unauthorized access to a substantial amount of sensitive personal data, including names, Social Security numbers, medical information, financial account information, and passport numbers. The incident led to the non-availability of certain applications and systems, and subsequent restoration and security measures resulted in at least $30 million in losses for the company. Additional costs are anticipated due to potential indemnities or damage claims.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Financial Loss: $30 millionnamesSocial Security numbersmedical informationfinancial account informationpassport numbersSystems Affected: certain applications and systemsLegal Liabilities: potential indemnities or damage claims
DATA BREACH
namesSocial Security numbersmedical informationfinancial account informationpassport numbersNumber Of Records Exposed: over 6 millionSensitivity Of Data: highnamesSocial Security numberspassport numbers
NOVEMBER 2023
130Before Incident
Ransomware
02 Nov 2023IMS
Infosys McCamish Systems, LLC

Ransomware Incident at Infosys McCamish Systems, LLC

100After Incident
CRITICAL-30
MCC019091825
On November 2, 2023, Infosys McCamish Systems, LLC fell victim to a ransomware attack that encrypted critical systems, compromising personal information of individuals. The exposed data included names, though the exact number of affected individuals remains undisclosed. The incident was formally reported to the California Office of the Attorney General on July 19, 2024, nearly eight months after the breach occurred. The delay in disclosure raises concerns about the company’s incident response timeline and potential risks to affected parties, such as identity theft or phishing attempts targeting the leaked personal details. While the full scope of the attack—including whether additional sensitive data (e.g., financial records, Social Security numbers) was accessed—has not been confirmed, the encryption of systems suggests operational disruptions. Ransomware attacks of this nature often involve threats of data exfiltration or permanent encryption unless a ransom is paid, though the report does not specify whether such demands were made or met.
INCIDENT DETAILS -
TYPE
ransomware
IMPACT
personal information (including names)Systems Affected: certain systems (encrypted)Identity Theft Risk: potential (personal information exposed)
DATA BREACH
personal information (names)Number Of Records Exposed: unknownSensitivity Of Data: moderate (personal identifiers)Data Encryption: yes (ransomware encryption)Personally Identifiable Information: yes (names)
OCTOBER 2023
429Before Incident
Ransomware
29 Oct 2023IMS
Infosys McCamish Systems, LLC

Infosys McCamish Systems Data Breach

129After Incident
CRITICAL-300
MCC150072725
The Maine Office of the Attorney General reported that Infosys McCamish Systems, LLC (IMS) experienced a data breach involving ransomware, affecting the personal information of 11,866 Maine residents. The breach was discovered on November 2, 2023, and the company began notifying individuals on June 27, 2024. Approximately 6,078,263 individuals were affected in total and identity theft protection services were offered for 24 months via Kroll.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Personal InformationIdentity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Personal InformationSensitivity Of Data: High
JUNE 2023
754Before Incident
Ransomware
16 Jun 2023IMS
Infosys McCamish Systems LLC

Infosys McCamish Systems LLC Ransomware Attack and Data Breach (2023)

400After Incident
CRITICAL-354
MCC4892848092325
In late 2023, Infosys McCamish Systems LLC suffered a ransomware attack that led to a massive data breach, compromising the personal, biometric, financial, and protected health information of approximately 3.7 million individuals in the U.S. The breach exposed sensitive data, resulting in a $17.5 million class-action settlement to address claims of identity theft risks, financial fraud, and inadequate security measures. Victims were offered up to $6,000 in reimbursements for documented losses (e.g., fraud, legal fees, credit monitoring) and two years of credit monitoring with $1 million identity theft insurance. The lawsuit alleged failure to protect data and delayed breach notifications, though the company denied liability. The attack’s scale and the highly sensitive nature of leaked data—including health and financial records—posed severe risks to affected individuals, leading to legal and reputational consequences for the company.
INCIDENT DETAILS -
TYPE
Data BreachRansomware Attack
MOTIVATION
Financial GainData Theft
IMPACT
Financial Loss: $17.5 million (settlement fund)Personal InformationBiometric DataFinancial InformationProtected Health Information (PHI)Customer Complaints: Class action lawsuit filed by affected individualsBrand Reputation Impact: Significant (class action settlement, public disclosure of breach)Legal Liabilities: $17.5 million settlement, attorneys' fees up to $5.83 million, potential regulatory finesIdentity Theft Risk: High (3.7 million individuals affected, credit monitoring offered)Payment Information Risk: Yes (financial information compromised)
DATA BREACH
Personal InformationBiometric DataFinancial InformationProtected Health Information (PHI)Number Of Records Exposed: 3,700,000Sensitivity Of Data: High (includes PHI, biometrics, financial data)Data Exfiltration: YesNamesAddressesSocial Security NumbersBiometric DataFinancial Account InformationHealth Records

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for IMS ?
?
What was IMS's A.I Rankiteo Cyber Score in June 2026 ?
?
What was IMS's A.I Rankiteo Cyber Score in May 2026 ?
?
What was IMS's A.I Rankiteo Cyber Score in April 2026 ?
?
What was IMS's A.I Rankiteo Cyber Score in March 2026 ?
?
What was IMS's A.I Rankiteo Cyber Score in February 2026 ?
?
What was IMS's A.I Rankiteo Cyber Score in January 2026 ?
?
What was IMS's A.I Rankiteo Cyber Score in December 2025 ?
?
What was IMS's A.I Rankiteo Cyber Score in November 2025 ?
?
What was IMS's A.I Rankiteo Cyber Score in October 2025 ?
?
What was IMS's A.I Rankiteo Cyber Score in September 2025 ?
?
What was IMS's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on IMS's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with IMS ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view IMS's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
Infosys McCamish Systems Cyber Scoring History | Rankiteo