Excerpt from The Digital Terminal Article, Published on Aug 12, 2024.
Coforge, an Indian IT company, has received an indemnification notice from a North American client, demanding over $11 million for a data breach settlement. The client claims that the breach resulted in significant financial and reputational damage, prompting the demand for indemnity. Coforge, however, contends that it is being unfairly blamed and disputes the claims.
This notice follows the company’s earlier disclosures during its earnings call on October 19, 2023, and subsequent updates on December 15, 2023, and January 22, 2024. Coforge, including its subsidiary Coforge Inc., informed the stock exchanges about receiving the indemnification notice, though the client’s identity was not revealed in the statement to the National Stock Exchange (NSE).
According to Coforge’s notice to the NSE, “Pursuant to such Notice, (A) the Client is claiming indemnity for (i) an amount of $7,597,780 for the in-principle settlements that the Client has reached with certain arbitration claimants concerning demands for arbitration of claims related to the alleged data breach; and (ii) potentially an additional amount of $4,276,800 for settling demands by certain additional claimants with whom Client has not yet reached an agreement in principle. The quantum of claims or the expected financial implication on the Company of the class action suits already disclosed in Regulation 30 Disclosure continues to remain unascertained at this stage.”
The company further clarifies that discussions are ongoing with their offshore counsel regarding the indemnity notice. Coforge disputes the client’s arbitration demands, asserting that no amounts are reasonably liable for indemnification. The company also states that it is not involved in any arbitration or litigation proceedings, and there are no court, tribunal, or agency actions pending against it.
Coforge assures stakeholders that it is closely monitoring the situation and will take necessary legal actions to safeguard its interests. The company emphasizes that it has always maintained robust security protocols and believes that the breach may have resulted from factors beyond its control.
The $11 million indemnification notice has raised concerns about the potential financial impact on Coforge. As the legal proceedings unfold, the outcome of this dispute could set a precedent for future cases involving data breaches and the allocation of liability. The incident highlights the importance of cybersecurity and the need for continuous improvement in data protection measures.
In conclusion, Coforge’s receipt of an $11 million indemnification notice for a data breach settlement underscores the critical importance of cybersecurity in the IT services industry. The case serves as a reminder of the significant financial and reputational risks associated with data breaches and the necessity for ongoing vigilance and robust security measures.
