Bank of America is informing customers of a information breach exposing their individual accusation aft 1 of its work providers was hacked past year.
Customer personally identifiable accusation (PII) exposed successful nan information breach includes nan affected individuals' names, addresses, societal information numbers, dates of birth, and financial information, including relationship and in installments paper numbers, according to specifications shared pinch nan Attorney General of Texas.
While Bank of America has yet to disclose really galore customers were impacted by nan information breach, Infosys McCamish Systems (IMS), nan vendor that had its systems compromised, revealed successful a caller filing pinch nan Attorney General of Maine that 57,028 had their information exposed successful nan incident.
Infosys, IMS' genitor company, is simply a multinational IT consulting elephantine pinch complete 300,000 labor and clients successful complete 56 countries.
Bank of America serves astir 69 cardinal clients astatine complete 3,800 unit financial centers and done astir 15,000 ATMs successful nan United States, its territories, and much than 35 countries.
"Or astir November 3, 2023, IMS was impacted by a cybersecurity arena erstwhile an unauthorized 3rd statement accessed IMS systems, resulting successful nan non-availability of definite IMS applications," IMS said.
"On November 24, 2023, IMS told Bank of America that information concerning deferred compensation plans serviced by Bank of America whitethorn person been compromised. Bank of America's systems were not compromised."
"It is improbable that we will beryllium capable to find pinch certainty what individual accusation was accessed arsenic a consequence of this incident astatine IMS."
LockBit claims ransomware onslaught connected IMS
IMS said nan information breach led to a "non-availability of definite applications and systems successful IMS" erstwhile it first disclosed nan incident successful a filing pinch nan U.S. Securities and Exchange Commission
On November 4th, nan LockBit ransomware pack claimed work for nan IMS attack, saying that its operators encrypted complete 2,000 systems during nan breach.
The LockBit ransomware-as-a-service (RaaS) cognition came to ray successful September 2019 and has since targeted galore high-profile organizations, including nan UK Royal Mail, nan Continental automotive giant, nan City of Oakland, and nan Italian Internal Revenue Service.
In June, cybersecurity authorities successful nan United States and partners worldwide released a associated advisory estimating that nan LockBit pack has extorted astatine slightest $91 million from U.S. organizations pursuing astir 1,700 attacks since 2020.
A Bank of America spokesperson was not instantly disposable for remark erstwhile contacted by BleepingComputer earlier today.