Bank of America has alerted its customers about a recent data breach that occurred through one of its service providers, Infosys McCamish Systems (IMS), last year.
The breach has reportedly exposed personal information of individuals, including names, addresses, social security numbers, dates of birth and financial details such as account and credit card numbers.
The exact number of affected customers has not been disclosed by Bank of America. However, a recent notification letter from IMS to the Attorney General of Maine on behalf of Bank of America indicated that approximately 57,028 individuals were directly impacted.
In a letter to customers, IMS further reported that the breach occurred around November 3 2023, when unauthorized access was gained to their systems, affecting specific applications.
“Financial institutions, particularly banks, have long been prime targets for cybercriminals due to the vast amount of sensitive information they hold,” commented Erfan Shadabi, cybersecurity expert at comforte AG.
“This breach underscores the need for financial institutions to adopt a proactive approach to cybersecurity, embracing continuous monitoring and threat intelligence capabilities to detect and respond to threats in real-time.”
The breach was allegedly orchestrated by the LockBit ransomware gang, who claimed responsibility in November last year for encrypting over 2000 systems during the attack.
Threat Actor: LockBit
— Dark Web Informer (@DarkWebInformer) November 4, 2023
Ransomware Victim: Infosys McCamish
Date: 2023-11-04
Note: Allegedly, #LockBit has named #InfosysMcCamish as a victim. #Ransomware #StopRansomware #DarkWeb #DarkWebInformer #Leaks #Leaked #Cyberattack pic.twitter.com/Gx11qO6Gwc
LockBit has been active since September 2019 and has targeted numerous high-profile organizations worldwide, including governmental bodies and large corporations.
Read more on LockBit attacks: LockBit Remains Top Global Ransomware Threat
“By implementing tokenization, robust encryption, access controls and data monitoring mechanisms, banks can mitigate the impact of breaches and make stolen data unusable to unauthorized parties,” Shadabi added.
“This shift towards data-centric security is not merely defensive; it represents a strategic investment for driving business growth.”
This incident adds to the concerns of Bank of America customers, as it follows another breach in May 2023 when the MOVEit Transfer platform of Ernst & Young, the leading accounting firm handling financial information for Bank of America, was compromised by the Clop cybercrime gang.
However, on that occasion, Ernst & Young assured that Bank of America’s systems were not affected by the breach.
Image credit: Ken Wolter / Shutterstock.com