Bank of America recently issued a warning to its customers about a significant data breach resulting from a cybersecurity incident at Infosys McCamish Systems (IMS), a key service provider. This breach, which came to light following a ransomware attack last year, exposed sensitive personal information of potentially tens of thousands of customers.
The compromised personally identifiable information (PII) includes names, addresses, Social Security numbers, dates of birth, and financial details such as account and credit card numbers. Although IMS systems were directly affected, Bank of America’s own systems were reportedly not compromised. The breach notification filed in Maine revealed that 57,028 individuals were directly affected, marking a significant privacy concern for those involved.
Why it matters: This incident underscores the critical vulnerabilities associated with third-party service providers and the far-reaching implications of cybersecurity breaches within the financial sector. Given the sensitivity of the exposed data, customers are at a heightened risk of identity theft and financial fraud.
- The notorious LockBit ransomware gang claimed responsibility for the attack on IMS, highlighting the operational capabilities and the continuous threat posed by ransomware groups to global financial institutions and their affiliates.
- In the aftermath of the breach, both IMS and Bank of America took steps to address the security incident. IMS engaged a third-party forensic firm for investigation and recovery, while Bank of America offered affected customers two years of complimentary identity theft protection services.
- This breach underscores the complex cybersecurity challenges financial institutions face when they rely on third-party vendors. It stresses the need for comprehensive risk management strategies, including requiring a software bill of materials (SBOM) from vendors to assess and mitigate vulnerabilities proactively.
Go Deeper:
- Bank of America Warns Customers of Data Breach After Vendor Hack – Bleeping Computer
- BofA Warns Customers of Data Leak in Third-Party Breach – Dark Reading