Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    Bank of America warns customers of data breach after vendor hack

    Karlston

    By Karlston,
    Published Date:

    • 202 views
    • 3 minutes
     Share
    • 202 views
    • 3 minutes

    Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.

     

    Customer personally identifiable information (PII) exposed in the security breach includes the affected individuals' names, addresses, social security numbers, dates of birth, and financial information, including account and credit card numbers, according to details shared with the Attorney General of Texas.

     

    While Bank of America has yet to disclose how many customers were impacted by the data breach, Infosys McCamish Systems (IMS), the vendor that had its systems compromised, revealed in a recent filing with the Attorney General of Maine that 57,028 had their data exposed in the incident.

     

    Infosys, IMS' parent company, is a multinational IT consulting giant with over 300,000 employees and clients in over 56 countries.

     

    Bank of America serves approximately 69 million clients at over 3,800 retail financial centers and through approximately 15,000 ATMs in the United States, its territories, and more than 35 countries.

     

    "Or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications," IMS said.

     

    "On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America's systems were not compromised."

     

    "It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS."

    LockBit claims ransomware attack on IMS

    IMS said the security breach led to a "non-availability of certain applications and systems in IMS" when it first disclosed the incident in a filing with the U.S. Securities and Exchange Commission

     

    On November 4th, the LockBit ransomware gang claimed responsibility for the IMS attack, saying that its operators encrypted over 2,000 systems during the breach.

     

    LockBit_Infosys.jpg

    Infosys entry on LockBit's leak site (Dark Web Informer)

     

    The LockBit ransomware-as-a-service (RaaS) operation came to light in September 2019 and has since targeted many high-profile organizations, including the UK Royal Mail, the Continental automotive giant, the City of Oakland, and the Italian Internal Revenue Service.

     

    In June, cybersecurity authorities in the United States and partners worldwide released a joint advisory estimating that the LockBit gang has extorted at least $91 million from U.S. organizations following roughly 1,700 attacks since 2020.

     

    A Bank of America spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

     

    Source

    • aum and Ha91
    • Like 2
     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...