Infosys Ltd. Data Breach Exposes Financial Account Information

Published

March 16, 2026

Updated

March 16, 2026

Infosys

Affected by the data breach? You may be entitled to compensation. Submit a claim today.

On Oct. 29, 2025, Infosys Ltd., a global leader in information technology and consulting, experienced a data breach. The incident stemmed from a security compromise involving ESOP Direct, a third-party vendor responsible for administering the Infosys employee share scheme.

According to a disclosure filed with the Massachusetts Office of Consumer Affairs and Business Regulation on March 12, 2026, the breach impacted 17 people in the state so far.

The investigation found that unauthorized access to ESOP Direct’s systems potentially exposed several types of sensitive personal information.

The data elements at risk include name, address, phone number, transaction receipt, bank identifier code, payment amount, bank account details and government ID. For each affected individual, not all data elements may have been compromised, but any combination of these could have been exposed.

The breach was limited to the ESOP Direct vendor and did not originate from Infosys’ internal systems.

Infosys's response

Out of an abundance of caution, the company is offering two years of complimentary credit monitoring services to those impacted. Affected individuals can enroll in these services by contacting the company at stock\_query@infosys.com.

Infosys has also encouraged vigilance in monitoring financial accounts and credit reports for any suspicious activity. The company’s notice includes guidance on obtaining free credit reports, placing fraud alerts and instituting credit freezes with major credit bureaus.

Additionally, affected individuals are advised of their rights under Massachusetts law, including the ability to file a police report if they believe they are victims of identity theft.

For further support, Infosys Ltd. has provided contact information for their Group Data Privacy Officer at privacy@infosys.com. The company also refers individuals to resources from the Federal Trade Commission and their state attorney general office for additional guidance on preventing identity theft and fraud.