Infosys subsidiary named as source of Bank of America data leak

Indian tech services giant Infosys has been named as the source of a data leak suffered by the Bank of America. Infosys disclosed the breach in a November 3, 2023, filing [PDF] that revealed its US subsidiary Infosys McCamish Systems LLC (IMS) "has become aware of a cyber security incident resulting in non-availability of …

  1. Anonymous Coward

    System approach is necessary

    Private details should be centralized in a few highly guarded places, split by content type if necessary, and accessed on demand with logs and immediate notifications to data owners for any access. Users could allow or block access requests through their smartphones, as the devices have already become keys to everything.

    Otherwise only the regulatory and legal bureaucracy bubbles are blown. Also spreading security workforce into managing distributed risks is less productive than concentrating it in a few highly specialized places.

    1. Binraider Silver badge

      Re: System approach is necessary

      In a former life at a bank, there were considerable safeguards and logs on any account data access. An employee searching for notable clients without reason would rightly be pulled.

      1. Doctor Syntax Silver badge

        Re: System approach is necessary

        All that goes out of the window when it's outsourced. Likewise if the system is attacked. This was both.

        1. Binraider Silver badge

          Re: System approach is necessary

          Quite. We had exactly the same problems begin more or less the week after payroll was outsourced to a certain outfit in Asia.

          Employees being paid considerably more to steal data than they were getting working for the operator as I understand it.

          I'd say the exec never learn, but more correctly, they just do not care.

    2. JoeCool Bronze badge

      only as a last resort

      The FIRST line of defence is not collecting personal information (unless provably absolutely necessary).

  2. elsergiovolador Silver badge

    Dependency

    It's so great to know that Infosys doesn't work on any critical infrastructure in the UK. Oh wait...

    1. katrinab Silver badge

      Re: Dependency

      It is owned by Rishi Sunak's wife and father in law ...

      1. Anonymous Coward

        Re: Dependency

        >It is owned by Rishi Sunak's wife and father in law ...

        Technically, they own part of it. The Murthy family owns 4.15% (Narayana 0.46%, Sudha 0.95%, Rohan 1.67% and Akshata (Mrs Sunak) 1.07%). Still a lot of money, but less than the Life Insurance Corporation of India (6.2%).

    2. cyberdemon Silver badge

      Re: Dependency

      > Oh wait...

      Err.. Yeah.

      https://www.theregister.com/2024/02/13/infosys_uk_government_contracts/

      Couldn't make it up... Crapita, Fujitsu, Infosys.. What next? Give the IT contracts to Randox?

      It seems the only qualification needed to win UK government contracts is connection. It's not what you know it's who you know. How many more snouts in the trough? :(

      1. HcsRai

        Re: Dependency

        You think Infosys works on 'contacts'? They are mostly a legal firm. There is a firm called TCS that besmirches the name 'Tata'. Tata are a very very ethical people. But people of a certain south Indian state that begins with a 'T' have ensconced themselves here and made it a territory for themselves. They share everything amongst themselves and absolutely nothing with others. When you find one 'T' in your company, you basically have a weed growing. There is nothing you can do now.

        Infosys - a very genuine company.

  3. Doctor Syntax Silver badge

    Two years isn't much protection when pension plans are involved.

    Outsourcing is great shorthand for "Increasing the attack surface".

    1. ecofeco Silver badge

      Yep. That's exactly what it means.

    2. Anonymous Coward

      Two years of “protection”

      from a company that was itself hacked because it failed to patch known vulnerabilities for years. Heartwarming.

  4. Anonymous Coward

    British IT for your company

    Isn’t it about time to allow Jeremy Clarkson to publicly recant his forced apology?

    As someone who has more than enough experience working with the I6 outsources, I think enough is enough!

    1. Binraider Silver badge

      Re: British IT for your company

      Trouble is, "what British IT"? The big operators notionally based here it's just sales and marketing people. The actual work is generally offshore.

      SMEs, as noted by the scandalous IR35 arrangements, are rarely even allowed to bid for work, and even if they can, they do so on an unfavourable playing field compared to the Crapitas of the world.

      I do get the luxury of being able to use SMEs for *some* of my smaller projects, the ones that need half a dozen users and done for under 1/4m. Anything scaled up from there is just a nope.
