Connect with us

Hi, what are you looking for?


Data Breaches

Bank of America Customer Data Stolen in Data Breach

Bank of America is notifying some customers that their personal information was stolen in a data breach at third-party services provider.

Bank of America is sending notification letters to 57,000 customers to inform them that their personal information was stolen in a data breach at third-party services provider Infosys McCamish System (IMS).

The incident was disclosed on November 3, 2023, when IMS parent company Infosys said in a filing with the US Securities and Exchange Commission that it fell victim to a cyberattack resulting in several applications and systems becoming unavailable.

On January 11, the company informed the SEC that it had restored all the impacted systems by December 31, and that losses related to the incident were estimated at $30 million. The company also noted that additional costs such as indemnities or damages/claims could also occur.

“McCamish believes that certain data was exfiltrated by unauthorized third parties during the incident and this exfiltrated data included certain customer data,” the company said.

On February 1, Bank of America started notifying customers that “data concerning deferred compensation plans serviced by Bank of America may have been compromised” in the IMS incident.

In the letter, a copy of which was submitted to the Maine Attorney General’s Office, Bank of America noted that it cannot determine “with certainty what personal information was accessed” during the attack.

However, deferred compensation plan information may include names, addresses, dates of birth, Social Security numbers, business email addresses, and other account information.

“Although we are not aware of any misuse involving your information, we are notifying you that Bank of America will provide a complimentary two-year membership in an identity theft protection service,” Bank of America said.

Advertisement. Scroll to continue reading.

While neither IMS nor Bank of America shared details on the nature of the cyberattack, on November 4, the LockBit ransomware gang claimed responsibility for the attack and also released the data allegedly stolen from IMS.

Related: 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates

Related: Schneider Electric Responding to Ransomware Attack, Data Breach

Related: HMG Healthcare Says Data Breach Impacts 40 Facilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Cody Barrow has been appointed the new CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.