SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Bank of America Customer Data Stolen in Data Breach

Bank of America is notifying some customers that their personal information was stolen in a data breach at third-party services provider.

Bank of America is sending notification letters to 57,000 customers to inform them that their personal information was stolen in a data breach at third-party services provider Infosys McCamish System (IMS).

The incident was disclosed on November 3, 2023, when IMS parent company Infosys said in a filing with the US Securities and Exchange Commission that it fell victim to a cyberattack resulting in several applications and systems becoming unavailable.

On January 11, the company informed the SEC that it had restored all the impacted systems by December 31, and that losses related to the incident were estimated at $30 million. The company also noted that additional costs such as indemnities or damages/claims could also occur.

“McCamish believes that certain data was exfiltrated by unauthorized third parties during the incident and this exfiltrated data included certain customer data,” the company said.

On February 1, Bank of America started notifying customers that “data concerning deferred compensation plans serviced by Bank of America may have been compromised” in the IMS incident.

In the letter, a copy of which was submitted to the Maine Attorney General’s Office, Bank of America noted that it cannot determine “with certainty what personal information was accessed” during the attack.

However, deferred compensation plan information may include names, addresses, dates of birth, Social Security numbers, business email addresses, and other account information.

“Although we are not aware of any misuse involving your information, we are notifying you that Bank of America will provide a complimentary two-year membership in an identity theft protection service,” Bank of America said.

Advertisement. Scroll to continue reading.

While neither IMS nor Bank of America shared details on the nature of the cyberattack, on November 4, the LockBit ransomware gang claimed responsibility for the attack and also released the data allegedly stolen from IMS.

Related: 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates

Related: Schneider Electric Responding to Ransomware Attack, Data Breach

Related: HMG Healthcare Says Data Breach Impacts 40 Facilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Mike Dube has joined cloud security company Aqua Security as CRO.

Cody Barrow has been appointed as CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

More People On The Move

Expert Insights

Related Content

Ransomware Alerts Ransomware Alerts

Cybercrime

Cyber Insights 2023 | Ransomware

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

February 2, 2023
ChatGPT attack ChatGPT attack

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

March 28, 2023
Zendesk Hacked After Employees Fall for Phishing Attack

Cybercrime

Zendesk Hacked After Employees Fall for Phishing Attack

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

January 24, 2023
SharePoint Online (Office 365) Ransomware Attach SharePoint Online (Office 365) Ransomware Attach

Ransomware

SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

June 9, 2023
Dish Network Dish Network

Cybercrime

Dish Network Says Outage Caused by Ransomware Attack

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

March 1, 2023
Hackers Stole Encrypted Backups, MFA Settings from GoTo, LastPass Hackers Stole Encrypted Backups, MFA Settings from GoTo, LastPass

Data Breaches

LastPass Says DevOps Engineer Home Computer Hacked

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

February 27, 2023
Okta hack Okta hack

CISO Strategy

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

November 3, 2023
Delta Dental Says Data Breach Exposed 7 Million Customers

Data Breaches

Delta Dental Says Data Breach Exposed 7 Million Customers

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

December 18, 2023