Bank of America has issued a warning to its customers regarding a data breach that has exposed their personal information. The breach occurred after one of Bank of America’s service providers, Infosys McCamish Systems (IMS), was hacked last year.
The breach has resulted in the exposure of personally identifiable information (PII) of the affected individuals, including their names, addresses, social security numbers, dates of birth, and financial information such as account and credit card numbers. These details were shared with the Attorney General of Texas.
Bank of America, which serves approximately 69 million clients across the United States, its territories, and over 35 countries, has not disclosed the exact number of customers impacted by the breach. However, a breach notification letter filed with the Attorney General of Maine on behalf of Bank of America revealed that a total of 57,028 people were directly affected.
IMS, the service provider that suffered the cybersecurity event, reported that an unauthorized third party accessed its systems around November 3, 2023, resulting in the non-availability of certain IMS applications. IMS informed Bank of America on November 24, 2023, that data related to deferred compensation plans serviced by Bank of America may have been compromised. It was clarified that Bank of America’s systems were not compromised in the incident.
Bank of America spokesperson declined to provide further details when approached for comment by BleepingComputer and directed inquiries to Infosys McCamish.
The incident serves as a reminder of the ongoing threat posed by cyber attacks and the importance of robust security measures to safeguard sensitive personal information.