News Heading

Vendor Breach Compromises Bank of America Customers’ Data

Reading time: 2 min

Updated on Feb 16, 2024

Bank of America issued a warning to customers about their sensitive information being compromised in a data breach incident, said to have occurred at one of its vendors.

Last year, its service provider, Infosys McCamish Systems (IMS) suffered a security incident, which exposed personally identifiable information (PII) of customers. The stolen data included names, addresses, dates of birth, social security numbers, and financial details like credit card and account numbers.

Although the customer notifications did not disclose the number of impacted individuals. The incident report filed with the Office of Attorney General of Maine on behalf of Bank of America revealed that 57,028 people were affected.

The incident is said to have occurred as early as November 3, 2023, when ‘’IMS was impacted by a cybersecurity event when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications,’’ the notification revealed.

On November 24, 2023, IMS notified the bank about the data breach. It said that ‘’data concerning deferred compensation plans serviced by Bank of America may have been compromised. Although the bank stated that its internal systems were not impacted by the incident, it would be unable to clearly determine the type of information exposed.

Therefore, as a precautionary measure, it’s offering its customers a complimentary identity theft protection service for two years.

Following the attack, in November 2023, LockBit ransomware gang claimed responsibility for this breach. Active since 2019, the ransomware-as-a-service (RaaS) gang has targeted many high-profile organizations across the world, including corporates and government agencies.

This incident adds further woes to Bank of America’s customers. In the MOVEit Transfer platform attack of May 2023, Ernst & Young, world’s leading accounting firm handling the bank’s financial information was also breached. However, the firm did issue a notice that Bank of America’s systems were not impacted by the incident.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!

We're thrilled you enjoyed our work!

As a valued reader, would you mind giving us a shoutout on Trustpilot? It's quick and means the world to us. Thank you for being amazing!

Rate us on Trustpilot
0 Voted by 0 users
Title
Comment
Thanks for your feedback
Loader
Please wait 5 minutes before posting another comment.
Comment sent for approval.

Leave a Comment

Loader
Loader Show more...