Data Breach - Bank of America Warns Clients & Customers

Bank of America is warning customers of a cyber attack and is sending notification letters to 57,000 customers to inform them that their personal information was stolen in a data breach that is  exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last  November.

The exact number of Bank of America customers impacted by the breach, including personally identifiable information such as social security numbers, account numbers, date of birth and addresses, has not been confirmed.

Bank of America serves approximately 69 million clients at over 3,800 retail financial centers and through approximately 15,000 ATMs in the United States, its territories, and more than 35 countries.

"Or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorised third party accessed IMS systems, resulting in the non-availability of certain IMS applications," the breach notification says.

"On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America's systems were not compromised.... It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS."

LockBit Ransomware Attack On IMS

The November security breach led to a "non-availability of certain applications and systems in IMS," as explained when the incident was first disclosed in a filing with the US Securities and Exchange Commission. On November 4th, the LockBit ransomware gang claimed responsibility for the IMS attack, saying that its operators encrypted over 2,000 systems during the breach.

The LockBit ransomware-as-a-service (RaaS) operation came to light in September 2019 and has since targeted many high-profile organisations, including the UK’s Royal Mail and others.  Lockbit was most recently in the news resulting from a combined US and UK law enforcement operation which impounded the RaasS website. 

Maine Attorney General     |     Document Cloud     |     Security Week     |     Twitter     |   Bleeping Computer     |   

 Forbes     |     Infosys     |     Maine Attorney General

You Might Also Read: 

Lockbit's Website Taken Down By Law Enforcement:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Nation State Hackers Deploy AI
Surge in “Hunter-Killer” Malware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cifas

Cifas

Cifas are leaders in fraud prevention, working closely with UK law enforcement partners.

OPSWAT

OPSWAT

OPSWAT is a software company that provides solutions to secure and manage IT infrastructure.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

Cyturus Technologies

Cyturus Technologies

Cyturus Technologies delivers cybersecurity business risk quantification services using our proprietary Adaptive Risk Model (ARM).

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

LAVAAT

LAVAAT

At LAAVAT, our goal is to make it easy for our customers to build secure IoT devices without a need to invest considerably in embedded security and cryptography expertise.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

Ruptura InfoSecurity

Ruptura InfoSecurity

Ruptura InfoSecurity provide CREST Accredited Penetration Testing & Offensive Security Services. We secure your critical assets through targeted and research driven penetration testing.

Technation

Technation

Technation proudly represents the Canadian technology companies that are furthering our nation and the world into the future through innovation, creativity and ingenuity.

Actelis Networks

Actelis Networks

Actelis Networks is a market leader in cyber-hardened, rapid deployment networking solutions for wide-area IoT applications.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.

SoConnect

SoConnect

SoConnect provides safe, secured, and taken care of IT, with infrastructure built around you and your business.