Data Breach - Bank of America Warns Clients & Customers

Bank of America is warning customers of a cyber attack and is sending notification letters to 57,000 customers to inform them that their personal information was stolen in a data breach that is  exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last  November.

The exact number of Bank of America customers impacted by the breach, including personally identifiable information such as social security numbers, account numbers, date of birth and addresses, has not been confirmed.

Bank of America serves approximately 69 million clients at over 3,800 retail financial centers and through approximately 15,000 ATMs in the United States, its territories, and more than 35 countries.

"Or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorised third party accessed IMS systems, resulting in the non-availability of certain IMS applications," the breach notification says.

"On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America's systems were not compromised.... It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS."

LockBit Ransomware Attack On IMS

The November security breach led to a "non-availability of certain applications and systems in IMS," as explained when the incident was first disclosed in a filing with the US Securities and Exchange Commission. On November 4th, the LockBit ransomware gang claimed responsibility for the IMS attack, saying that its operators encrypted over 2,000 systems during the breach.

The LockBit ransomware-as-a-service (RaaS) operation came to light in September 2019 and has since targeted many high-profile organisations, including the UK’s Royal Mail and others.  Lockbit was most recently in the news resulting from a combined US and UK law enforcement operation which impounded the RaasS website. 

Maine Attorney General     |     Document Cloud     |     Security Week     |     Twitter     |   Bleeping Computer     |   

 Forbes     |     Infosys     |     Maine Attorney General

You Might Also Read: 

Lockbit's Website Taken Down By Law Enforcement:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Nation State Hackers Deploy AI
Surge in “Hunter-Killer” Malware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ITQ

ITQ

ITQ is an IT consulting firm with a focus on the entire VMware-product portfolio with three main services: Professional Services, Support Services and Managed Services.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

InfoWatch

InfoWatch

InfoWatch solutions allow you to protect data and information assets that are critically important to your business.

BeOne Development

BeOne Development

BeOne Development provide innovative training and learning solutions for information security and compliance.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

Northcross Group (NCG)

Northcross Group (NCG)

NCG provides services to help organizations meet the challenges of regulatory compliance. Our services include support, consultation, tools and accelerators for all parts of an organization.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

Ascent Solutions

Ascent Solutions

Ascent is built to help firms evolve their cybersecurity posture, modernize their Microsoft solutions, and accelerate their journey to the cloud.

TokenEx

TokenEx

TokenEx Cloud Security Platform protects sensitive data to strengthen our clients' security postures while future-proofing their operations.

Aikido Technology Services

Aikido Technology Services

Aikido Technology Services is a leading-edge technology solutions provider, servicing the Pacific North West USA. We offer affordable IT solutions designed to streamline and secure your business.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

Liberty Technology

Liberty Technology

Liberty Technology has a host of highly trained, certified experts who assist our clients with immediate remote support as well as on-site service.

Breathe Technology

Breathe Technology

Breathe Technology has been providing Managed IT Support/ Service Desk, Cloud Services, Cyber Security & Communications to businesses and schools since 2003.