The recent data breach involving Infosys McCamish Systems, LLC has exposed the sensitive personal and medical information of approximately 6 million individuals.

This incident, which resulted from a ransomware attack, underscores the dangers posed by corporate negligence in safeguarding private data.

It also highlights the broader implications of corporate irresponsibility within the frameworks of neoliberal capitalism, corporate ethics, and consumer protection.

The Anatomy of a Preventable Disaster

Infosys McCamish Systems, a subsidiary of Infosys Limited, provides insurance process management solutions to over 34 insurance companies.

As part of its operations, it collects and stores vast amounts of sensitive personal information (PII) and protected health information (PHI).

This includes Social Security numbers, biometric data, financial account details, and medical records—data that is highly sought after by cybercriminals.

On November 2, 2023, Infosys McCamish discovered that its systems had been encrypted by ransomware. Investigations revealed that unauthorized activity had occurred between October 29 and November 2.

During this time, cybercriminals exfiltrated unencrypted data from the company’s systems.

Despite the severity of the breach, affected individuals were not notified until June 2024—a delay that further exacerbated the risks faced by victims.

The breach was not an isolated incident but part of a troubling trend in which corporations fail to adequately protect consumer data.

The root causes often lie in cost-cutting measures and prioritization of profits over robust cybersecurity measures.

Infosys McCamish’s failure to implement basic protections such as encryption and timely vulnerability assessments demonstrates a reckless disregard for consumer safety.

Economic Fallout and Consumer Harm

The economic implications of this breach are profound. Victims face immediate and long-term risks such as identity theft, financial fraud, and medical identity theft. For instance:

  • Identity Theft: Stolen Social Security numbers can be used to open fraudulent accounts, apply for loans, or file false tax returns.
  • Medical Fraud: Compromised PHI can lead to fraudulent medical claims or alter victims’ medical histories, potentially endangering their lives.
  • Financial Costs: Victims may incur significant expenses for credit monitoring services, legal fees, and other mitigation measures.

Moreover, the breach diminishes the value of individuals’ personal information while increasing their exposure to future cyberattacks.

The psychological toll—manifested as anxiety and stress—adds another layer of harm that cannot be quantified in monetary terms.

From an economic perspective, this breach exemplifies how corporations externalize costs onto consumers while internalizing profits.

Infosys McCamish’s negligence has shifted the burden of cybersecurity failures onto individuals who must now bear the financial and emotional costs of mitigating risks they did not create.

Corporate Accountability and Ethical Failures

This incident raises critical questions about corporate accountability in an era dominated by neoliberal capitalism. Under this system, corporations are incentivized to prioritize shareholder profits above all else—even at the expense of public safety and ethical responsibility.

Infosys McCamish’s actions—or lack thereof—reflect several ethical failings:

  1. Negligence in Data Protection: Despite being entrusted with sensitive information, the company failed to implement industry-standard cybersecurity measures such as encryption and intrusion detection systems.
  2. Delayed Notification: The seven-month delay in informing victims demonstrates a lack of transparency and accountability.
  3. Inadequate Remediation: Offering limited credit monitoring services does little to address the long-term risks faced by victims.

These failures are not unique to Infosys McCamish but are symptomatic of a broader corporate culture that views compliance with cybersecurity standards as a cost rather than an ethical obligation.

The Role of Government Regulation

Government oversight is crucial in holding corporations accountable for protecting consumer data. However, regulatory frameworks often lag behind technological advancements, creating loopholes that corporations exploit. In this case:

  • The Federal Trade Commission (FTC) has established guidelines for data protection under Section 5 of the FTC Act. However, enforcement actions are reactive rather than preventive.
  • Existing penalties for data breaches are insufficient to deter negligent behavior. For many corporations, fines become a mere “cost of doing business.”

To address these gaps, policymakers must enact stricter regulations that mandate proactive cybersecurity measures and impose harsher penalties for non-compliance. Additionally, federal agencies must be equipped with adequate resources to investigate and prosecute violations effectively.

A Call for Consumer Advocacy and Grassroots Action

While government regulation is essential, consumers also play a critical role in advocating for corporate accountability. Grassroots movements can pressure companies to adopt better practices through public campaigns, boycotts, and litigation.

In this case, the class-action lawsuit filed against Infosys McCamish represents an important step toward justice for victims. Such legal actions not only seek compensation but can also serve as a deterrent against future negligence.

Moreover, consumers must demand greater transparency from corporations regarding their data protection practices. Companies should be required to disclose cybersecurity audits publicly and provide clear explanations of how they safeguard sensitive information.

Corporate Greed vs. Public Health

The Infosys McCamish breach illustrates how corporate greed can endanger public health. By failing to secure PHI adequately, the company has compromised individuals’ access to safe healthcare services. For example:

  • Altered medical records could lead to misdiagnoses or inappropriate treatments.
  • Fraudulent claims could inflate healthcare costs for all consumers.

These risks highlight the interconnectedness of cybersecurity with broader societal issues such as healthcare access and affordability.

Protecting PHI is not merely a technical challenge but a moral imperative that affects public well-being.

A Broken System Demands Change

The Infosys McCamish data breach is more than a cautionary tale; it is an indictment of a broken system where corporate negligence thrives under weak regulatory oversight.

This incident underscores the urgent need for systemic change that prioritizes consumer protection over profit maximization.

To prevent future breaches:

  1. Corporations must adopt robust cybersecurity measures as part of their ethical responsibilities.
  2. Governments must strengthen regulations and enforce penalties that hold companies accountable.
  3. Consumers must advocate for transparency and demand justice through collective action.

Ultimately, addressing these challenges requires rethinking the role of corporations in society.

Under neoliberal capitalism, companies like Infosys McCamish are incentivized to cut corners at the expense of public safety. Only through collective efforts can we create a system where corporate accountability is not optional but mandatory—a system where protecting consumers is valued as much as maximizing shareholder profits.


additional sources:

https://www.cpomagazine.com/cyber-security/infosys-mccamish-systems-lockbit-ransomware-data-breach-impacted-6-million-people-leaked-extensive-pii