Data Breach - Bank of America Warns Clients & Customers

Uploaded on 2024-02-23 in FREE TO VIEW, BUSINESS-Services-Financial

Bank of America is warning customers of a cyber attack and is sending notification letters to 57,000 customers to inform them that their personal information was stolen in a data breach that is  exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last  November.

The exact number of Bank of America customers impacted by the breach, including personally identifiable information such as social security numbers, account numbers, date of birth and addresses, has not been confirmed.

Bank of America serves approximately 69 million clients at over 3,800 retail financial centers and through approximately 15,000 ATMs in the United States, its territories, and more than 35 countries.

"Or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorised third party accessed IMS systems, resulting in the non-availability of certain IMS applications," the breach notification says.

"On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America's systems were not compromised.... It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS."

LockBit Ransomware Attack On IMS

The November security breach led to a "non-availability of certain applications and systems in IMS," as explained when the incident was first disclosed in a filing with the US Securities and Exchange Commission. On November 4th, the LockBit ransomware gang claimed responsibility for the IMS attack, saying that its operators encrypted over 2,000 systems during the breach.

The LockBit ransomware-as-a-service (RaaS) operation came to light in September 2019 and has since targeted many high-profile organisations, including the UK’s Royal Mail and others.  Lockbit was most recently in the news resulting from a combined US and UK law enforcement operation which impounded the RaasS website. 

Maine Attorney General     |     Document Cloud     |     Security Week     |     Twitter     |   Bleeping Computer     |   

 Forbes     |     Infosys     |     Maine Attorney General

You Might Also Read: 

Lockbit's Website Taken Down By Law Enforcement:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Nation State Hackers Deploy AI
Surge in “Hunter-Killer” Malware »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

ITrust

ITrust

French cybersecurity pure player since 2007. ITrust offers its Cyber expertise services and develops disruptive products in Cyber/Artificial Intelligence.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

Optimal IdM

Optimal IdM

Optimal IdM is a leading global provider of identity management solutions and services.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

Data Terminator

Data Terminator

Data Terminator provide a comprehensive range of secure data destruction equipment and services are in compliance to US Department of Defense (DoD) and National Security Agency (NSA) standards.

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Singapore's first cybersecurity entrepreneur hub.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

SharkStriker

SharkStriker

SharkStriker is a US based managed security services provider with SOCs and offices across the globe.

Hackuity

Hackuity

Hackuity is a breakthrough technology solution that rethinks the way of managing IT vulnerabilities in enterprises.

Pulsant

Pulsant

Pulsant is the UK’s premier digital edge infrastructure company providing next-generation cloud, colocation and connectivity services.

Ceeyu

Ceeyu

Ceeyu is an all-in-one cybersecurity ratings and third party risk management platform.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.

Rebellion Defense

Rebellion Defense

Rebellion Defense is a technology company developing advanced software to ensure mission-critical organizations stay ahead of emerging threats.

Assurestor

Assurestor

Assurestor's singular focus is delivering leading cloud-based backup and disaster recovery designed to increase levels of IT resilience.