Indian IT services provider Infosys announced on Friday that it has reached a settlement agreement with plaintiffs involved in lawsuits against its U.S. unit over a 2023 cyber incident.
Infosys McCamish Systems (IMS) has agreed to pay $17.5 million into a fund to settle all the pending class action lawsuits and resolve all allegations made in the incident.
Infosys McCamish Systems’ cyber security event
In November 2023, Infosys said that Infosys McCamish Systems was affected by a cybersecurity incident, leading to some applications and systems not being available.
The attack was carried out by LockBit, a cybercriminal group widely known for encrypting companies’ systems and extorting ransom in exchange for the key to access those systems. They used this access to encrypt sensitive IMS systems and stole personal information, illegally accessing the data of approximately 6.5 million people.
Infosys later in April last year, said McCamish, coordinating with its third-party vendor eDiscovery, identified up to 6.5 million individuals whose information was subject to unauthorized access and data exfiltration in the incident.
The unlawfully retrieved sensitive data included the individual’s birth dates, bank account details, medical records, social security numbers, and biometric information. The intrusion caused serious worries among individuals since the information is sensitive and important to cybercriminals.
See also
Foxconn CEO Young Liu says Trump’s tariffs are a “headache” for tech industry
Despite the incident occurring at Infosys McCamish Systems, Infosys, the parent company, took responsibility for settling the lawsuit.
Insight into using AI as a tool to enhance existing and create new cyber threats
As concerns over cyber cases increase, a strategic communications leader and journalist, Dan Patterson, suggests that AI-powered cyber threats reshape security landscapes.
Patterson emphasises that cybercriminals are weaponising AI across every attack phase. Large language models (LLMs) craft hyper-personalized phishing emails by scraping targets’ social media profiles and professional networks. Generative adversarial networks (GAN) produce deepfake audio and video to bypass multi-factor authentication. Automated tools like WormGPT enable script kiddies to launch polymorphic malware that evolves to evade signature-based detection.
Concerning deepfake videos, On March 13, the State Bank of India shared an cautioning all its customers and the general public about many deepfake videos being circulated on social media, falsely claiming the launch of an AI-based platform showcasing lucrative investment schemes supported by the State Bank of India in association with the Govt. of India and some multinational companies.
This incident highlights how AI isn’t just enhancing existing cyber threats but creating entirely new categories of security risks.
Patterson says malicious actors now have access to state-of-the-art tools via AI to make their cyber attacks more precise, persuasive, and harder to detect. For example, contemporary generative AI systems can sift through large datasets of personal information, business communications, and social activity to build hyper-targeted phishing efforts that can convincingly impersonate trusted contacts and reputable organizations.
See also
Salesforce to invest $1 billion in Singapore over the next five years to stimulate AI adoption
Patterson believes this powerful combination, along with automated malware that evolves to counter defensive measures in real-time, radically boosts both attack volume and success rate.
But AI is also a powerful tool for defence. AI-based security solutions can process an enormous amount of data in real-time while also detecting outliers and possible threats that conventional approaches may overlook. These systems can adjust to new methods of attack and provide a dynamic defence against cyberattacks powered by AI.
Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income.
Register Now