Bank of America Alerts Clients of Data Breach Following Devastating Vendor Hack

Bank of America warns customers of data breach

Imagine you’re settling in for the evening, ready to unwind after a long day at work, and you receive an email from your bank. The subject line reads “Important: Data Breach Notification.” Your heart sinks. What’s going on? Well, that’s the situation many Bank of America customers are currently facing after the bank recently warned them of a data breach that exposed their personal information due to a service provider getting hacked last year.

The exposed data includes names, addresses, social security numbers, dates of birth, and financial information, such as account and credit card numbers. While the exact number of affected customers remains undisclosed, Infosys McCamish Systems (IMS), the vendor whose systems were compromised, reported that 57,028 individuals had their data exposed in the incident. To put this into perspective, Bank of America serves approximately 69 million clients across the globe.

How did this happen?

IMS, a subsidiary of IT consulting giant Infosys, experienced a cybersecurity event in early November 2023 when an unauthorized third party accessed its systems. This resulted in the non-availability of certain IMS applications, and on November 24, IMS informed Bank of America that data concerning deferred compensation plans serviced by the bank may have been compromised. It’s essential to note that Bank of America’s own systems were not breached in this incident.

Unfortunately, it is unlikely that we’ll ever know for sure what personal information was accessed during this breach at IMS.

The LockBit ransomware attack on IMS

So who’s behind this attack? The LockBit ransomware gang claimed responsibility for the IMS breach, stating that its operators encrypted over 2,000 systems during the attack. Since its emergence in September 2019, the LockBit ransomware-as-a-service (RaaS) operation has targeted many high-profile organizations.

In June, cybersecurity authorities in the United States and partners worldwide released a joint advisory estimating that the LockBit gang has extorted at least $91 million from U.S. organizations following roughly 1,700 attacks since 2020.

What’s next?

As a Bank of America customer, or any bank customer for that matter, you might be wondering what you can do to protect yourself from such incidents in the future. While the banks and their service providers should take the utmost precautions to safeguard your data, there’s no harm in taking some steps on your own to ensure your information remains secure.

Regularly monitor your account statements for any suspicious activity, strengthen your passwords, and be cautious about sharing personal information online. You can also consider using credit monitoring services to stay informed about any potential identity theft threats.

Stay informed and stay protected

At IT Services, we understand how important it is to stay updated on the latest cybersecurity threats and best practices. That’s why we’re committed to keeping you informed and providing expert advice to help keep your personal data secure.

So why not stay connected with us? Together, we can navigate the ever-evolving cybersecurity landscape and work towards a more secure digital future. Contact us or keep coming back to learn more about how you can protect yourself and your data from cyber threats.