Infosys BPM
Company Details
Linkedin ID:
infosys-bpm
Website:
Employees number:
41,762
Number of followers:
2,055,276
NAICS:
5415
Industry Type:
Homepage:
infosysbpm.com
IP Addresses:
0
Company ID:
INF_1064000
Scan Status:
In-progress
Infosys BPM Company CyberSecurity Posture
infosysbpm.com
Infosys BPM Ltd., the business process management subsidiary of Infosys Ltd. (NYSE: INFY), was set up in April 2002. Infosys BPM focuses on integrated end-to-end outsourcing and delivers transformational benefits to its clients through reduced costs, ongoing productivity improvements, and process re-engineering. Infosys BPM operates in India, Poland, the Czech Republic, the Netherlands, Ireland, South Africa, Brazil, Mexico, Costa Rica, the United States, Puerto Rico, China, the Philippines, Singapore, and Australia. Infosys BPM has been consistently ranked among the leading BPM companies and has received over 60 awards and recognitions in the last 5 years from key industry bodies and forums like the International Association of Outsourcing Professionals, Outsourcing Center, SSON, and NOA, among others. Infosys BPM also has very robust people practices, as substantiated by the various HR-specific awards it has won over the years. The company has consistently been ranked among the top employers of choice, on the basis of its industry-leading HR best practices. The company’s senior leaders contribute widely to industry forums as BPO strategists.
Infosys BPM A.I CyberSecurity Scoring
Infosys BPM Risk Score (AI oriented)Between 800 and 849
Infosys BPM
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Infosys BPM Global Score (TPRM)XXXX
Infosys BPM
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Infosys BPM Company CyberSecurity News & History
Past Incidents
4
Attack Types
1
Infosys McCamish Systems
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Infosys McCamish Systems experienced a data breach resulting from a LockBit ransomware attack, impacting over 6 million individuals. The breach saw unauthorized access to a substantial amount of sensitive personal data, including names, Social Security numbers, medical information, financial account information, and passport numbers. The incident led to the non-availability of certain applications and systems, and subsequent restoration and security measures resulted in at least $30 million in losses for the company. Additional costs are anticipated due to potential indemnities or damage claims.
Infosys McCamish Systems, LLC
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Maine Office of the Attorney General reported that Infosys McCamish Systems, LLC (IMS) experienced a data breach involving ransomware, affecting the personal information of 11,866 Maine residents. The breach was discovered on November 2, 2023, and the company began notifying individuals on June 27, 2024. Approximately 6,078,263 individuals were affected in total and identity theft protection services were offered for 24 months via Kroll.
Infosys McCamish Systems LLC
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In late 2023, Infosys McCamish Systems LLC suffered a **ransomware attack** that led to a **massive data breach**, compromising the **personal, biometric, financial, and protected health information** of approximately **3.7 million individuals** in the U.S. The breach exposed sensitive data, resulting in a **$17.5 million class-action settlement** to address claims of **identity theft risks, financial fraud, and inadequate security measures**. Victims were offered **up to $6,000 in reimbursements** for documented losses (e.g., fraud, legal fees, credit monitoring) and **two years of credit monitoring with $1 million identity theft insurance**. The lawsuit alleged **failure to protect data and delayed breach notifications**, though the company denied liability. The attack’s scale and the **highly sensitive nature of leaked data**—including health and financial records—posed severe risks to affected individuals, leading to legal and reputational consequences for the company.
Infosys McCamish Systems, LLC
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: On **November 2, 2023**, Infosys McCamish Systems, LLC fell victim to a **ransomware attack** that encrypted critical systems, compromising personal information of individuals. The exposed data included **names**, though the exact number of affected individuals remains undisclosed. The incident was formally reported to the **California Office of the Attorney General** on **July 19, 2024**, nearly eight months after the breach occurred. The delay in disclosure raises concerns about the company’s incident response timeline and potential risks to affected parties, such as identity theft or phishing attempts targeting the leaked personal details. While the full scope of the attack—including whether additional sensitive data (e.g., financial records, Social Security numbers) was accessed—has not been confirmed, the encryption of systems suggests operational disruptions. Ransomware attacks of this nature often involve threats of data exfiltration or permanent encryption unless a ransom is paid, though the report does not specify whether such demands were made or met.
Infosys BPM Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Infosys BPM
Incidents vs IT Services and IT Consulting Industry Average (This Year)
No incidents recorded for Infosys BPM in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Infosys BPM in 2025.
Incident Types Infosys BPM vs IT Services and IT Consulting Industry Avg (This Year)
No incidents recorded for Infosys BPM in 2025.
Incident History — Infosys BPM (X = Date, Y = Severity)
Infosys BPM cyber incidents detection timeline including parent company and subsidiaries
Infosys BPM Company Subsidiaries
Infosys BPM Ltd., the business process management subsidiary of Infosys Ltd. (NYSE: INFY), was set up in April 2002. Infosys BPM focuses on integrated end-to-end outsourcing and delivers transformational benefits to its clients through reduced costs, ongoing productivity improvements, and process re-engineering. Infosys BPM operates in India, Poland, the Czech Republic, the Netherlands, Ireland, South Africa, Brazil, Mexico, Costa Rica, the United States, Puerto Rico, China, the Philippines, Singapore, and Australia. Infosys BPM has been consistently ranked among the leading BPM companies and has received over 60 awards and recognitions in the last 5 years from key industry bodies and forums like the International Association of Outsourcing Professionals, Outsourcing Center, SSON, and NOA, among others. Infosys BPM also has very robust people practices, as substantiated by the various HR-specific awards it has won over the years. The company has consistently been ranked among the top employers of choice, on the basis of its industry-leading HR best practices. The company’s senior leaders contribute widely to industry forums as BPO strategists.
Loading...
Infosys BPM Similar Companies
TransUnion is a global information and insights company that makes trust possible in the modern economy. We do this by providing an actionable picture of each person so they can be reliably represented in the marketplace. As a result, businesses and consumers can transact with confidence and achiev
IBM
We don’t just imagine the future — we create it. We collaborate with technologists, developers and engineers to turn bold ideas into real-world impact. We partner with iconic brands like Ferrari and global events like the US Open, Wimbledon and The Masters to bring innovation to the world’s bigge
Luxoft
Luxoft, a DXC Technology Company (NYSE: DXC), is a digital strategy and software engineering firm providing bespoke technology solutions that drive business change for customers the world over. Acquired by U.S. company DXC Technology in 2019, Luxoft is a global operation in 44 cities and 21 countrie
Engineering Group
Engineering Group is the Digital Transformation Company, leader in Italy and expanding its global footprint, with around 14,000 associates and with over 80 offices spread across Europe, the United States, and South America and global delivery. The Engineering Group, consisting of over 70 companies
Capita is an outsourcer, helping clients across the public and private sectors run complex business processes more efficiently, creating better consumer experiences. Operating across eight countries, Capita’s 34,000 colleagues support primarily UK and European clients with people-based services und
Zensar Technologies
Zensar stands out as a premier technology consulting and services company, embracing an ‘experience-led everything’ philosophy. We are creators, thinkers, and problem solvers passionate about designing digital experiences that are engineered into scale-ready products, services, and solutions to deli
Algar Tech
Somos a Algar Tech CX. Com 26 anos de mercado, atuamos como parceira de negócio para a transformação digital de grandes corporações. Nosso portfólio possui serviços de Relacionamento com o Cliente, que visam melhorar a experiência dos consumidores. Somos mais de 7 mil associados que trabalham com o
Birlasoft
Navigating Change. Powering Progress. | Reimagining the Future with Birlasoft Birlasoft, a powerhouse where domain expertise, enterprise solutions, and digital technologies converge to redefine business processes. We take pride in our consultative and design thinking approach, driving societal pro
IGT Solutions
IGT Solutions is a next-gen customer experience (CX) company, defining and delivering AI-led transformative experiences for the global and most innovative brands using digital technologies. With the combination of Digital and Human Intelligence, IGT becomes the preferred partner for managing end-to-
.png)
Infosys BPM CyberSecurity News
August 07, 2025 07:00 AM
Infosys Shares Worth Rs. 100.51 Crores Traded in NSE Block Deal
A significant block trade of Infosys shares occurred on the National Stock Exchange (NSE). The transaction involved 702295 shares at Rs.
August 06, 2025 07:00 AM
Infosys Unveils Advanced AI and Cybersecurity Center in Hubballi, Boosting Regional Innovation
Infosys has opened a new Center for Advanced AI, Cybersecurity, and Space Technology at its Hubballi Development Center in North Karnataka.
July 14, 2025 09:03 AM
Bad news for Narayana Murthy, Infosys to pay fine of Rs 10000000 for not providing…, IT company enters into…
Under the proposed terms, Narayana Murthy led Infosys McCamish Systems had agreed to pay USD 17.5 million into a fund to settle all the pending class action...
July 14, 2025 07:00 AM
Infosys McCamish to pay $125,000 penalty in US cybersecurity breach case
Infosys McCamish Systems (IMS), a subsidiary of Infosys BPM, and the State of Vermont, Department of Financial Regulation (DFR) have entered...
July 14, 2025 07:00 AM
Infosys unit in US to pay $125,000 penalty in cybersecurity probe
BENGALURU: Infosys McCamish Systems (IMS), a subsidiary of Infosys BPM, entered a stipulation and consent order with the State of Vermont's...
July 11, 2025 07:00 AM
Infosys Subsidiary Settles Cybersecurity Allegations in Vermont for $125,000
Infosys McCamish Systems (IMS), a subsidiary of Infosys BPM Limited, has agreed to pay a $125000 administrative penalty to settle...
May 02, 2025 07:00 AM
Infosys completes acquisition of Australian cybersecurity firm The Missing Link
The acquisition strengthens Infosys' cybersecurity capabilities while bolstering its presence in the fast-growing Australian market,...
March 17, 2025 07:00 AM
Infosys McCamish resolves class action lawsuits with $17.5m payment
Infosys McCamish Systems agreed to a $17.5m settlement to resolve ongoing class action lawsuits stemming from a 2023 cybersecurity incident.
March 16, 2025 07:00 AM
Infosys’ US Unit Fined ₹150 Crore For Cybersecurity Breach
Infosys McCamish Systems (IMS), a subsidiary of Infosys BPM, has agreed to pay $17.5 million (₹150 crore) to settle lawsuits related to a 2023 cybersecurity...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Infosys BPM CyberSecurity History Information
Official Website of Infosys BPM
The official website of Infosys BPM is https://www.infosysbpm.com.
Infosys BPM’s AI-Generated Cybersecurity Score
According to Rankiteo, Infosys BPM’s AI-generated cybersecurity score is 812, reflecting their Good security posture.
How many security badges does Infosys BPM’ have ?
According to Rankiteo, Infosys BPM currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Infosys BPM have SOC 2 Type 1 certification ?
According to Rankiteo, Infosys BPM is not certified under SOC 2 Type 1.
Does Infosys BPM have SOC 2 Type 2 certification ?
According to Rankiteo, Infosys BPM does not hold a SOC 2 Type 2 certification.
Does Infosys BPM comply with GDPR ?
According to Rankiteo, Infosys BPM is not listed as GDPR compliant.
Does Infosys BPM have PCI DSS certification ?
According to Rankiteo, Infosys BPM does not currently maintain PCI DSS compliance.
Does Infosys BPM comply with HIPAA ?
According to Rankiteo, Infosys BPM is not compliant with HIPAA regulations.
Does Infosys BPM have ISO 27001 certification ?
According to Rankiteo,Infosys BPM is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Infosys BPM
Infosys BPM operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Infosys BPM
Infosys BPM employs approximately 41,762 people worldwide.
Subsidiaries Owned by Infosys BPM
Infosys BPM presently has no subsidiaries across any sectors.
Infosys BPM’s LinkedIn Followers
Infosys BPM’s official LinkedIn profile has approximately 2,055,276 followers.
NAICS Classification of Infosys BPM
Infosys BPM is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Infosys BPM’s Presence on Crunchbase
No, Infosys BPM does not have a profile on Crunchbase.
Infosys BPM’s Presence on LinkedIn
Yes, Infosys BPM maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/infosys-bpm.
Cybersecurity Incidents Involving Infosys BPM
As of December 11, 2025, Rankiteo reports that Infosys BPM has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
Infosys BPM has an estimated 37,490 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Infosys BPM ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
What was the total financial impact of these incidents on Infosys BPM ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $47.50 million.
How does Infosys BPM detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with kroll, and incident response plan activated with yes (settlement implies post-breach actions), and third party assistance with kroll settlement administration llc (claims processing), and remediation measures with class action settlement ($17.5m), remediation measures with credit monitoring for affected individuals, and communication strategy with settlement notices to class members, communication strategy with public disclosure via settlement website..
Incident Details
Can you provide details on each incident ?
Title: Infosys McCamish Systems Data Breach
Description: Infosys McCamish Systems experienced a data breach resulting from a LockBit ransomware attack, impacting over 6 million individuals. The breach saw unauthorized access to a substantial amount of sensitive personal data, including names, Social Security numbers, medical information, financial account information, and passport numbers. The incident led to the non-availability of certain applications and systems, and subsequent restoration and security measures resulted in at least $30 million in losses for the company. Additional costs are anticipated due to potential indemnities or damage claims.
Type: Data Breach
Attack Vector: Ransomware
Threat Actor: LockBit
Title: Infosys McCamish Systems Data Breach
Description: Infosys McCamish Systems, LLC (IMS) experienced a data breach involving ransomware, affecting the personal information of 11,866 Maine residents. The breach was discovered on November 2, 2023, and the company began notifying individuals on June 27, 2024. Approximately 6,078,263 individuals were affected in total and identity theft protection services were offered for 24 months via Kroll.
Date Detected: 2023-11-02
Date Publicly Disclosed: 2024-06-27
Type: Data Breach
Attack Vector: Ransomware
Title: Ransomware Incident at Infosys McCamish Systems, LLC
Description: The California Office of the Attorney General reported that Infosys McCamish Systems, LLC experienced a ransomware incident that encrypted certain systems on November 2, 2023. The breach affected personal information, including names, of individuals; however, the specific number of individuals affected is unknown.
Date Detected: 2023-11-02
Date Publicly Disclosed: 2024-07-19
Type: ransomware
Title: Infosys McCamish Systems LLC Ransomware Attack and Data Breach (2023)
Description: Infosys McCamish Systems LLC experienced a ransomware attack in late 2023, compromising the personal, biometric, financial, and protected health information of approximately 3.7 million individuals. The company agreed to a $17.5 million class action settlement to resolve allegations of inadequate data protection and delayed breach notification.
Date Detected: 2023-10-29
Type: Data Breach
Attack Vector: Ransomware
Motivation: Financial GainData Theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MCC449070624
Financial Loss: $30 million
Data Compromised: Names, Social security numbers, Medical information, Financial account information, Passport numbers
Systems Affected: certain applications and systems
Legal Liabilities: potential indemnities or damage claims
Incident : ransomware MCC019091825
Data Compromised: Personal information (including names)
Systems Affected: certain systems (encrypted)
Identity Theft Risk: potential (personal information exposed)
Incident : Data Breach MCC4892848092325
Financial Loss: $17.5 million (settlement fund)
Data Compromised: Personal information, Biometric data, Financial information, Protected health information (phi)
Customer Complaints: Class action lawsuit filed by affected individuals
Brand Reputation Impact: Significant (class action settlement, public disclosure of breach)
Legal Liabilities: $17.5 million settlement, attorneys' fees up to $5.83 million, potential regulatory fines
Identity Theft Risk: High (3.7 million individuals affected, credit monitoring offered)
Payment Information Risk: Yes (financial information compromised)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $11.88 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Medical Information, Financial Account Information, Passport Numbers, , Personal Information, Personal Information (Names), , Personal Information, Biometric Data, Financial Information, Protected Health Information (Phi) and .
Which entities were affected by each incident ?
Incident : Data Breach MCC449070624
Entity Name: Infosys McCamish Systems
Entity Type: Company
Industry: Technology
Customers Affected: over 6 million individuals
Incident : Data Breach MCC150072725
Entity Name: Infosys McCamish Systems, LLC
Entity Type: Company
Industry: Technology
Customers Affected: 6078263
Incident : ransomware MCC019091825
Entity Name: Infosys McCamish Systems, LLC
Entity Type: company
Customers Affected: unknown
Incident : Data Breach MCC4892848092325
Entity Name: Infosys McCamish Systems LLC
Entity Type: Subsidiary (BPO/IT Services)
Industry: Information Technology, Business Process Outsourcing, Insurance Services
Location: United States
Customers Affected: 3.7 million individuals
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MCC150072725
Third Party Assistance: Kroll
Incident : Data Breach MCC4892848092325
Incident Response Plan Activated: Yes (settlement implies post-breach actions)
Third Party Assistance: Kroll Settlement Administration Llc (Claims Processing).
Remediation Measures: Class action settlement ($17.5M)Credit monitoring for affected individuals
Communication Strategy: Settlement notices to class membersPublic disclosure via settlement website
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (settlement implies post-breach actions).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll, Kroll Settlement Administration LLC (claims processing), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MCC449070624
Type of Data Compromised: Names, Social security numbers, Medical information, Financial account information, Passport numbers
Number of Records Exposed: over 6 million
Sensitivity of Data: high
Personally Identifiable Information: namesSocial Security numberspassport numbers
Incident : Data Breach MCC150072725
Type of Data Compromised: Personal Information
Number of Records Exposed: 6078263
Sensitivity of Data: High
Incident : ransomware MCC019091825
Type of Data Compromised: Personal information (names)
Number of Records Exposed: unknown
Sensitivity of Data: moderate (personal identifiers)
Data Encryption: yes (ransomware encryption)
Personally Identifiable Information: yes (names)
Incident : Data Breach MCC4892848092325
Type of Data Compromised: Personal information, Biometric data, Financial information, Protected health information (phi)
Number of Records Exposed: 3,700,000
Sensitivity of Data: High (includes PHI, biometrics, financial data)
Data Exfiltration: Yes
Personally Identifiable Information: NamesAddressesSocial Security NumbersBiometric DataFinancial Account InformationHealth Records
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Class action settlement ($17.5M), Credit monitoring for affected individuals, .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach MCC449070624
Ransomware Strain: LockBit
Incident : ransomware MCC019091825
Data Encryption: yes
Incident : Data Breach MCC4892848092325
Data Encryption: Yes (implied by ransomware attack)
Data Exfiltration: Yes
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : ransomware MCC019091825
Regulatory Notifications: California Office of the Attorney General (reported on 2024-07-19)
Incident : Data Breach MCC4892848092325
Regulations Violated: Potential HIPAA (PHI exposure), State data breach notification laws (untimely notice),
Legal Actions: Class action lawsuit (settled for $17.5M),
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit (settled for $17.5M), .
References
Where can I find more information about each incident ?
Incident : Data Breach MCC150072725
Source: Maine Office of the Attorney General
Incident : ransomware MCC019091825
Source: California Office of the Attorney General
Date Accessed: 2024-07-19
Incident : Data Breach MCC4892848092325
Source: Class Action Settlement Notice (McNally v. Infosys McCamish Systems LLC)
Incident : Data Breach MCC4892848092325
Source: Kroll Settlement Administration LLC
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2024-07-19, and Source: Class Action Settlement Notice (McNally v. Infosys McCamish Systems LLC), and Source: Kroll Settlement Administration LLC.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach MCC4892848092325
Investigation Status: Settled (class action lawsuit resolved)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Settlement Notices To Class Members and Public Disclosure Via Settlement Website.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach MCC4892848092325
Stakeholder Advisories: Settlement Notices Sent To 3.7M Affected Individuals.
Customer Advisories: Credit monitoring offered (2 years, $1M identity theft insurance)Cash payments up to $6,000 for documented losses$30 residual cash payment per claimant
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Settlement Notices Sent To 3.7M Affected Individuals, Credit Monitoring Offered (2 Years, $1M Identity Theft Insurance), Cash Payments Up To $6,000 For Documented Losses, $30 Residual Cash Payment Per Claimant and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach MCC4892848092325
High Value Targets: Personal Data, Biometric Data, Financial Data, Phi,
Data Sold on Dark Web: Personal Data, Biometric Data, Financial Data, Phi,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach MCC4892848092325
Root Causes: Inadequate Data Protection Measures, Delayed Breach Notification,
Corrective Actions: $17.5M Settlement Fund, Credit Monitoring For Affected Individuals, Legal Compliance Improvements (Implied),
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll, Kroll Settlement Administration Llc (Claims Processing), .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: $17.5M Settlement Fund, Credit Monitoring For Affected Individuals, Legal Compliance Improvements (Implied), .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an LockBit.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-11-02.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-07-19.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $30 million.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, medical information, financial account information, passport numbers, , Personal Information, personal information (including names), , Personal Information, Biometric Data, Financial Information, Protected Health Information (PHI) and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll, kroll settlement administration llc (claims processing), .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, passport numbers, Protected Health Information (PHI), medical information, names, Biometric Data, personal information (including names), Personal Information, Financial Information and financial account information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 9.7M.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit (settled for $17.5M), .
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are California Office of the Attorney General, Kroll Settlement Administration LLC, Maine Office of the Attorney General and Class Action Settlement Notice (McNally v. Infosys McCamish Systems LLC).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Settled (class action lawsuit resolved).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Settlement notices sent to 3.7M affected individuals, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Credit monitoring offered (2 years, $1M identity theft insurance)Cash payments up to $6 and000 for documented losses$30 residual cash payment per claimant.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=infosys-bpm' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
