The breach was due to last year’s hacking of the bank’s service provider

Scarlett Evans, Assistant Editor, IoT World Today

February 13, 2024

2 Min Read
Bank of America has warned customers of a data breach

Bank of America has warned customers of a data breach that compromised personal data, after its service provider, Infosys McCamish Systems (IMS), was hacked last November. 

In the Security and Exchange Commission filing, IMS said it had "become aware of a cybersecurity incident resulting in non-availability of certain applications and systems in IMS,” adding that it was working with leading cybersecurity experts to resolve the issue and had launched an internal investigation.

Now, it has been revealed the breach extended to Bank of America, impacting the personal data of 57,028 individuals. 

The news was announced in a data breach notification filed in the state of Maine, which described the incident as an "external system breach (hacking)." 

The information acquired was revealed to be individuals’ names and other personal identifiers in combination with social security numbers.

"Or around Nov. 3, 2023, IMS was impacted by a cybersecurity event when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications," Bank of America wrote in a sample letter for impacted customers. "On Nov. 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America's systems were not compromised.”

Related:MGM Attack Drives Cybersecurity to Top of Mind

The letter added that, to date, IMS has found “no evidence of continued threat actor access,” though it also added it is "unlikely” that the full nature and extent of the personal data compromised will be determined. 

In the interest of customer safety, Bank of America said that it will be providing a complimentary two-year membership in identity theft protection services provided by Experian IdentityWorksSM. 

“This product provides you with daily monitoring of your credit reports from the three national credit reporting companies,” the bank said.

Ransomware gang LockBit claimed responsibility for the original IMS attack, saying that its operators encrypted more than 2,000 systems.

About the Author(s)

Scarlett Evans

Assistant Editor, IoT World Today

Scarlett Evans is the assistant editor for IoT World Today, with a particular focus on robotics and smart city technologies. Scarlett has previous experience in minerals and resources with Mine Australia, Mine Technology and Power Technology. She joined Informa in April 2022.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like