Bank of America Vendor Compromise Leads to Customer Data Exposure

Last updated 04/30/2024 by

Edited by

Summary:

Bank of America has announced a significant data breach at Infosys McCamish Systems, putting customer data at risk. The incident, which occurred last year, involved the exposure of personal and financial information. In response, Bank of America is offering affected customers a complimentary identity theft protection service, amidst growing concerns over cybersecurity in the banking sector.

Bank of America has alerted its customers and relevant authorities about a significant data breach at one of its vendors, Infosys McCamish Systems (IMS), which occurred last year. This incident has put sensitive customer information at risk, raising concerns over potential identity theft or fraud.

Get Competing Personal Loan Offers In Minutes

Compare rates from multiple vetted lenders. Discover your lowest eligible rate.

Get Personalized Rates

It's quick, free and won’t hurt your credit score

The data breach details

Incident overview

The breach was first disclosed by Bleeping Computer, with reports sent to the Attorney General of Texas detailing the extent of the exposure. Personal Identifiable Information (PII) of numerous customers, including names, addresses, social security numbers, dates of birth, and financial details such as account and credit card numbers, were compromised.

Timeline and response

The breach took place on November 3, 2023, but Bank of America only sent out official notifications to affected customers on February 1, 2024. IMS discovered the breach when an unauthorized party accessed their systems, leading to several applications being made unavailable. Despite the breach, Bank of America assures that its own systems remained secure.

Bank of America’s proactive measures

In an effort to mitigate the impact on its customers, Bank of America has offered a complimentary two-year subscription to an identity theft protection program provided by Experian Identity Works. This service includes daily credit report access, online tracking, and identity theft recovery, at no charge to the customers.

SuperMoney may receive compensation from some or all of the companies featured, and the order of results are influenced by advertising bids, with exception for mortgage and home lending related products. Learn more

Loading results ...

The Lockbit ransomware connection

A notorious gang’s claim

The ransomware gang Lockbit took responsibility for the attack on IMS, claiming to have encrypted over 2,000 systems. Lockbit, known for its ransomware-as-a-service (RaaS) operations, has targeted several high-profile organizations since its emergence in September 2019.

Previous incidents and ongoing security efforts

This incident marks the second time in recent months that a Bank of America vendor has been involved in a data breach. A similar incident occurred with the US division of EY, though investigations concluded that internal systems of neither Bank of America nor EY were compromised.

Conclusion

The breach at Infosys McCamish Systems highlights the ongoing challenges and risks associated with cybersecurity in the banking sector. Bank of America’s response, offering identity theft protection to affected customers, demonstrates a commitment to customer security and trust. However, the incident serves as a reminder of the importance of robust cybersecurity measures and the potential consequences of data breaches.

Key takeaways

Bank of America’s vendor, Infosys McCamish Systems (IMS), experienced a data breach, compromising sensitive customer information including social security numbers and financial details.
The breach occurred on November 3, 2023, but customers were only notified on February 1, 2024, highlighting a significant delay in communication.
Bank of America has responded by offering affected customers a free two-year subscription to Experian Identity Works for identity theft protection.
The ransomware gang Lockbit claimed responsibility for the breach, emphasizing the growing threat of ransomware attacks on financial institutions and their vendors.

Share this post: