Bank of America Data Breach at Infosys McCamish Systems

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

Bank of America has confirmed a data breach cyber security incident at one of its vendors. The details of this data breach are shared below.

Salient points about the Bank of America data breach

  • The said data breach is said to have impacted the vendor systems and installations of Infosys McCamish Systems.
  • The data breach happened on 29 October 2023. It was first detected on 30 October 2023. The cybersecurity event resulted in the non-availability of certain applications and systems.
  • The vendor Infosys McCamish Systems with a third-party cyber-security consultancy to contain the impact and perform an audit of the systems compromised by the threat actor.
  • Infosys McCamish Systems confirmed the cyber-incident on 3 November 2023.
  • The vendor reported the data breach to Bank of America on 24 November 2023.
  • Back in November 2023, Lockbit ransomware confirmed the data breach involving over 2000 systems at Infosys McCamish Systems.
  • There has been no official confirmation about the scale and extent of this ransomware attack or data breach incident.
  • Personal record information of Bank of America customers has been breached. Over 57,028 customers have been impacted.
  • Bank of America has confirmed enrolling the impacted customers in a 2-year credit watch service provided by Experian.

What customer data was breached?

The following data of 57,028 customers of Bank of America was accessed by an unauthorized third-party contact:

  • the names of the affected individuals
  • the addresses of the affected individuals
  • the social security numbers
  • the dates of birth
  • the financial information, including account and credit card numbers

It remains unclear if the said information was breached or encrypted. The nature of this cyber attack cannot be confirmed as a ransomware incident or a pure data breach incident.

Post-incident action taken by Bank of America

Meanwhile, Bank of America has offered a complimentary 2-year credit watch service offered by Experian to the impacted customers. Bank of America says that, “out of an abundance of caution”, it is enrolling affected customers in a complimentary two-year membership of identity theft protection services provided by Experian.

The company has filed a data breach notification with the office of the Maine Attorney General on 1 February 2024. You can read about this data breach notification on this page.

More Security Stories

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.