Mumbai: Infosys Ltd on Monday said its subsidiary Infosys McCamish Systems (IMS) has entered into a consent order with the South Dakota Division of Insurance (DOI) in the US to settle concerns linked to a 2023 data breach, agreeing to pay a $30,000 monetary penalty.
In a stock exchange filing, Infosys said the regulator had expressed concerns that IMS may have violated South Dakota Codified Laws relating to breach notification and response timelines, including an alleged failure to respond to the DOI’s information request within the stipulated 20-day period.
The consent order, entered into on December 22, 2025, resolves the matter without any further action and explicitly states that it does not constitute an admission of violation by IMS, the company said. The payment has been made as agreed under the settlement.
Infosys added that the matter relates to a previously disclosed cyber incident at IMS in 2023 and does not have a material impact on the company’s financials or operations. The disclosure was made under Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015.