Infosys blamed for Bank of America data breach
Bank of America data breach was a supply chain attack, the victim says
Bank of America has filed a data breach report with the Office of the Maine Attorney General, in which it said that the incident originated from an Infosys subsidiary.
The report, filed on behalf of the Bank of America by an outside attorney, states that Infosys McCamish Systems (IMS), a part of the Indian tech services giant, is an outside counsel for Bank of America.
The total number of people who were affected by the incident, which happened on October 29 2023 and discovered a day later, is just north of 57,000, with the hackers stealing names (or other personal identifiers) and Social Security Numbers (SSN). The incident was described as “external system breach (hacking)”.
"Potentially accessed"
In early November 2023, Infosys said its US subsidiary Infosys McCamish Systems LLC "has become aware of a cyber security incident resulting in non-availability of certain applications and systems in IMS."
The Register came across a sample of the letter the bank allegedly sent to affected customers, in which it said it was “unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS. According to our records, deferred compensation plan information may have included your first and last name, address, business email address, date of birth, Social Security number, and other account information."
That’s more than enough information to mount disruptive social engineering attacks.
The publication also said that the infamous LockBit ransomware gang added IMS to its data leak site, a few days after the incident (November 4). Although a ransomware attack is highly likely, these reports are unconfirmed at the time.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Victims have been warned to be wary of potential phishing attacks and identity theft, and were offered two years of free identity theft protection services from Experian.
More from TechRadar Pro
- Subway reportedly hit by LockBit ransomware - but is it half-baked speculation?
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.