Bank of America has confirmed a data breach cyber security incident at one of its vendors. The details of this data breach are shared below.
Salient points about the Bank of America data breach
- The said data breach is said to have impacted the vendor systems and installations of Infosys McCamish Systems.
- The data breach happened on 29 October 2023. It was first detected on 30 October 2023. The cybersecurity event resulted in the non-availability of certain applications and systems.
- The vendor Infosys McCamish Systems with a third-party cyber-security consultancy to contain the impact and perform an audit of the systems compromised by the threat actor.
- Infosys McCamish Systems confirmed the cyber-incident on 3 November 2023.
- The vendor reported the data breach to Bank of America on 24 November 2023.
- Back in November 2023, Lockbit ransomware confirmed the data breach involving over 2000 systems at Infosys McCamish Systems.
- There has been no official confirmation about the scale and extent of this ransomware attack or data breach incident.
- Personal record information of Bank of America customers has been breached. Over 57,028 customers have been impacted.
- Bank of America has confirmed enrolling the impacted customers in a 2-year credit watch service provided by Experian.
What customer data was breached?
The following data of 57,028 customers of Bank of America was accessed by an unauthorized third-party contact:
- the names of the affected individuals
- the addresses of the affected individuals
- the social security numbers
- the dates of birth
- the financial information, including account and credit card numbers
It remains unclear if the said information was breached or encrypted. The nature of this cyber attack cannot be confirmed as a ransomware incident or a pure data breach incident.
Post-incident action taken by Bank of America
Meanwhile, Bank of America has offered a complimentary 2-year credit watch service offered by Experian to the impacted customers. Bank of America says that, “out of an abundance of caution”, it is enrolling affected customers in a complimentary two-year membership of identity theft protection services provided by Experian.
The company has filed a data breach notification with the office of the Maine Attorney General on 1 February 2024. You can read about this data breach notification on this page.
More Security Stories
- CISA adds Roundcube Webmail XSS Vulnerability to KEV catalog
- Zero-day vulnerability in FortiOS – CVE-2024-21762
- Critical Security Vulnerabilities in Cisco Expressway Series
- 2 Critical Vulnerabilities reported by Fortinet
- Verizon Data Breach – Feb 2024
- AnyDesk Cyberattack incident – February 2024
- Cloudflare Data Breach – November 2023
- Ivanti VPN Vulnerabilities – Jan 2024
- Mercedes Source Code Leak – Jan 2024
- Schneider Electric Ransomware attack – Jan 2024
- Android Security Update – Feb 2024
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.