Infosys McCamish Systems Agrees to $17.5 Million Data Breach Settlement After LockBit Cyberattack

In late 2023, Infosys McCamish Systems LLC (IMS), a U.S. subsidiary of Infosys Limited, reportedly faced a major cybersecurity attack that affected more than 6.5 million people. The hackers, linked to the ransomware group LockBit, allegedly targeted IMS’s data platforms that manage insurance, healthcare, and financial records.

The stolen data is stated to included:
 

• Names
• Social Security numbers
• Driver’s license numbers
• Dates of birth
• Policy or account details
• Medical billing or insurance information
   

Investigators state that hackers entered IMS’s network between October 29 and November 2, 2023, copying confidential files before launching ransomware that disrupted company operations. The LockBit group later leaked portions of this data on criminal forums.
 

Victims reported anxiety, wasted hours, and financial costs as they worked to protect their credit and medical identities. Several lawsuits followed, accusing IMS of failing to implement strong cybersecurity systems and delaying public notice. Plaintiffs also cited violations of HIPAA and multiple state consumer protection laws.
 

IMS denies the allegations but agreed to a $17.5 million class action settlement to resolve the claims and provide restitution to affected individuals.
 

How the December 2023 Cyberattack Unfolded

Investigators determined that LockBit exploited a system vulnerability to infiltrate IMS servers. Once inside, the attackers reportedly extracted files linked to major insurance and healthcare clients that depend on IMS for data processing and revenue-cycle management.
 

Patients, policyholders, and employees connected to these clients began receiving breach-notification letters in early 2024. The lawsuits claim IMS failed to use adequate encryption, patch security flaws, and monitor its networks in real time. Plaintiffs argue that the company’s slow response exposed victims to higher risks of identity theft and fraudulent medical billing.
 

The $17.5 Million Infosys McCamish Settlement

Under the settlement, Infosys McCamish will create a $17.5 million fund to compensate individuals impacted by the Infosys data breach. The agreement offers direct financial relief and identity-protection benefits.
 

Settlement benefits include:

• Reimbursement for documented losses: Victims can claim compensation for verified expenses such as identity-theft recovery, document replacement, or professional fees.
• Cash payments for non-documented losses: Participants who experienced inconvenience or stress without receipts can request a flat-rate payment.
• Free credit monitoring and identity-theft protection: Eligible class members receive complimentary monitoring services for a set period.
   

Payment amounts depend on documentation and the total number of valid claims. The settlement reflects growing accountability in the healthcare data breach and insurance-technology sectors.
 

Who Qualifies for the Infosys McCamish Settlement?

You likely qualify for the McCamish settlement if you are a U.S. resident who received a breach-notification letter from IMS or one of its partner companies. The eligible class covers everyone whose data appeared in IMS systems during the October 29 – November 2, 2023 breach.
 

Eligibility extends to policyholders, patients, and employees associated with IMS’s insurance, healthcare, or financial services clients. You do not need to prove identity theft, only that your information was included in the compromised dataset.
 

How to File a Claim

To claim benefits, submit a completed form before the filing deadline listed in the settlement notice. You may file online or by mail. Use the claim ID provided in your notification letter to confirm eligibility.
 

Claimants can request:

• Reimbursement for documented out-of-pocket losses related to the breach
• Free credit-monitoring services to track financial accounts
• Cash payments for non-documented inconvenience or time spent

Attach receipts, invoices, or correspondence that show your financial losses.
 

For complete filing instructions and case updates, visit OnlyClassActions.com.
 

Why the LockBit Cyberattack Matters

The reported December 2023 cyberattack exposed serious weaknesses across insurance and healthcare data systems. Criminals often sell stolen insurance or medical data on dark-web marketplaces, where others use it to create fake insurance claims, open new credit lines, or obtain medical services under false identities.
 

Victims may spend months correcting inaccurate medical records or disputing fraudulent debts. The Infosys lawsuit underscores the importance of treating cybersecurity as a vital element of consumer protection, not an afterthought.
 

The Larger Impact on Healthcare and Insurance Security

The Infosys data breach demonstrates how interconnected the healthcare, dental, and pharmaceutical billing industries have become. A single compromised vendor can trigger cascading risks for millions of people.

Ransomware groups like LockBit target these industries because the data holds long-term value. Health records cannot be replaced the way credit cards can, and exposed policy information can enable medical identity theft for years.
 

This medical billing breach shows why regulators and courts now demand higher security standards. Companies that manage sensitive patient and insurance data must perform frequent system audits, update firewalls, and maintain incident-response plans. The increasing number of medical records lawsuits and HIPAA violation claims signals stronger legal consequences for poor cybersecurity practices.
 

What Those Affected Should Do Next

If you believe the Infosys McCamish Systems data breach affected your personal or financial data, take these protective steps:

• Enroll in the free credit-monitoring service included in the settlement
• Check bank, credit-card, and insurance statements for unauthorized activity
• Place fraud alerts or freezes with major credit bureaus
• Report identity-theft incidents to law enforcement and the FTC
• Keep detailed records of all breach-related communication

You can find eligibility details, claim forms, and additional lawsuit updates on OnlyClassActions.com.

The Bottom Line

The Infosys McCamish data breach shows how quickly a single security lapse can compromise millions of insurance and healthcare records. The $17.5 million settlement provides meaningful financial relief and access to identity-protection tools.
 

This case sends a strong message: organizations handling sensitive data must prioritize prevention, transparency, and rapid response. Class action settlements such as this one help victims recover and hold companies accountable.

Stay informed about similar data-breach lawsuits and upcoming claim deadlines at OnlyClassActions.com.