Bank of America customers impacted by data breach through Infosys McCamish Systems hack
Bank of America has warned its customers of a data breach following a security incident experienced by the bank’s partner, the Indian digital services provider Infosys McCamish Systems (IMS).
57,028 of BofA’s customers are thought to have been affected
The incident is thought to have occurred “on or around November 3, 2023”, according to a customer notice posted by IMS, when an “unauthorised third party” was able to access its systems.
A further filing with the Office of the Maine Attorney General reveals that 57,028 of Bank of America’s customers are thought to have been affected.
Bank of America was notified of the situation three weeks after it took place, on 24 November 2023, with IMS providing its customers with resolutions to the incident.
IMS, which services Bank of America’s deferred compensation plans, says that it is “unlikely” to be able to identify exactly which personal information was accessed during the breach, but that customers’ first and last names, addresses, business email addresses, date of birth and social security number could be among the information exposed.
However, IMS states it has “found no evidence of continued threat actor access” in the months following the incident.
The vendor has since enlisted a “third-party forensic firm” to help action its recovery plan, which includes the rebuilding of systems and defences, correcting malicious activity and the enhancement of its response capabilities, while Bank of America has responded by instating a “complimentary two-year membership” with IdentityWorks, the identity theft protection service offered by Experian.
