Bank of America reports third party data breach

published: Feb. 12, 2024

Learn More

Bank of America has reported a data breach stemming from a third-party cybersecurity incident at Infosys McCamish Systems LLC (IMS), a vendor managing deferred compensation plans for the bank.

IMS, part of the global IT and consulting firm Infosys Limited, encountered a cyberattack rendering certain systems and applications inaccessible. Despite the incident, Bank of America’s own network remained secure and uncompromised. The breach impacted a reported 57,028 individuals.

The LockBit ransomware gang has claimed responsibility for this cybersecurity incident, alleging the encryption of over 2,000 systems belonging to IMS.

The compromised data includes

  • names,
  • Social Security numbers,
  • financial account details,
  • addresses,
  • dates of birth of affected individuals.

Following an investigation of the incident, which was initially detected on November 3, 2023, Bank of America has commenced sending out notification letters to the impacted consumers, advising them on steps to safeguard against potential fraud and identity theft.

Bank of America reports third party data breach