February 13, 2024 at 09:57AM
Bank of America notified 57,000 customers of a data breach at third-party provider Infosys McCamish System. The parent company, Infosys, disclosed the cyberattack on November 3, 2023, stating that customer data was exfiltrated. Bank of America informed customers of potential compromise of personal information and offered identity theft protection. The attack was claimed by the LockBit ransomware gang.
The meeting notes reveal that Bank of America is sending letters to 57,000 customers to notify them of a data breach at third-party services provider Infosys McCamish System (IMS). The breach, disclosed on November 3, 2023, resulted from a cyberattack, impacting several applications and systems. IMS parent company, Infosys, indicated that the incident led to losses estimated at $30 million, with potential additional costs such as indemnities or damages/claims. Bank of America informed customers on February 1 that data concerning deferred compensation plans may have been compromised, and while the specific accessed personal information remains undetermined, it could include names, addresses, dates of birth, Social Security numbers, business email addresses, and other account information. Bank of America is offering affected customers a complimentary two-year membership in an identity theft protection service. Although neither IMS nor Bank of America provided details on the nature of the cyberattack, the LockBit ransomware gang claimed responsibility for the attack and released the allegedly stolen data. Further related data breaches were also noted in the meeting notes.