Bank of America issues a warning to its customers regarding a data breach affecting their personal information, following a cyberattack on Infosys McCamish Systems (IMS), one of its service providers. The breach exposed sensitive customer data such as names, addresses, social security numbers, dates of birth, and financial details, including account and credit card numbers. With approximately 69 million clients across various locations, Bank of America remains a major financial institution serving a vast customer base. While the exact number of affected customers remains undisclosed by Bank of America, a notification from IMS revealed that over 57,000 individuals were directly impacted by the breach.
The security incident occurred around November 3, 2023, when an unauthorized third party accessed IMS systems, leading to the unavailability of certain applications. IMS notified Bank of America on November 24, 2023, about the potential compromise of data related to deferred compensation plans. However, Bank of America assured its systems were not affected by the breach. Despite efforts to ascertain the extent of the breach, the specifics of the accessed personal information remain uncertain.
The breach was attributed to the LockBit ransomware gang, which claimed responsibility for encrypting over 2,000 systems during the attack. LockBit, a ransomware-as-a-service operation known since 2019, has targeted various organizations worldwide, including notable entities like the UK Royal Mail and the Italian Internal Revenue Service. Infosys, the parent company of IMS, is a multinational IT consulting firm with a vast global presence, serving clients across numerous countries.
Reference:
