Bank of America is reaching out to 57,000 of its customers, alerting them to a data breach that occurred at third-party services provider Infosys McCamish System (IMS), where their personal information was compromised.
Key Events
- November 3, 2023: Infosys, the parent company of IMS, disclosed the cyberattack in a filing with the US Securities and Exchange Commission (SEC), stating that multiple applications and systems were affected.
- January 11: Infosys informed the SEC that all impacted systems were restored by December 31, 2023, estimating losses at $30 million. They also warned of potential additional costs.
- February 1: Bank of America began notifying customers, acknowledging that data regarding deferred compensation plans may have been compromised.
What Information Was Exposed?
According to Bank of America, the compromised data may include:
- Names
- Addresses
- Dates of birth
- Social Security numbers
- Business email addresses
- Other account information
While Bank of America cannot definitively ascertain the extent of the accessed personal information, they provide a complimentary two-year membership in an identity theft protection service to affected customers.
Although details on the cyberattack’s specifics remain undisclosed, the LockBit ransomware gang asserted responsibility for the breach on November 4 and purportedly leaked the stolen IMS data.
FAQs
How did Bank of America learn about the breach?
Bank of America was notified by IMS about the data breach, prompting them to initiate customer notifications.
What should affected customers do?
Affected customers should monitor their accounts closely for any suspicious activity and take advantage of the provided identity theft protection service.
Is there any indication of misuse of the compromised information?
There’s no evidence of misuse, but Bank of America is taking proactive measures to safeguard affected customers.
