Skip to content

Behind the Breach: Unraveling Bank of America's Third-Party Data Breach


Bank of America recently got tangled in a cybersecurity drama, affecting 57,028 individuals due to a breach at Infosys McCamish (IMS), a third-party service, in November 2023. Not stopping there, the notorious LockBit ransomware gang claimed responsibility. 

Behind IMS is Infosys, a tech giant with a massive global footprint in IT consulting. Despite the chaos, Infosys has yet to comment on LockBit's claims or shed more light on the breach.

But that's just the tip of the iceberg; earlier in May, another breach exposed sensitive customer info via a different service provider. Let’s unpack what happened!


What Went Down?

In November 2023, IMS found itself in hot water when an unauthorized party decided to take a peek at their systems. This wasn't just a peek, though; it disrupted certain apps that Bank of America leans on for managing deferred compensation plans. IMS reported that 57,028 Bank of America customers were directly impacted. Thankfully, Bank of America’s own systems were not accessed; however, there is no information about what personal information was compromised. Definitely stay tuned for future Bank of America updates on the situation.


The Culprits Come Forward

Enter LockBit, the cyber equivalent of a blockbuster villain, claiming they were the masterminds behind the disruption on November 4th. They didn't just stop at a claim; they boasted about encrypting over 2,000 systems. Since 2020, these folks have been on a rampage, targeting everyone from the UK Royal Mail to the City of Oakland.


History Repeats Itself Sometimes

Unfortunately in May 2023, Bank of America's customers faced another security hiccup. This time, the Clop cybercrime gang got their hands on sensitive info through the MOVEit Transfer platform breach, affecting over 30,000 individuals. 


Protect Your Data! 

As a consumer, hearing about data breaches like this one affecting Bank of America is quite scary. But don’t be afraid, we’ve got a few tips for you to protect yourself from incidents like these: 

  1. Stay Alert: Keep an eye on announcements about breaches or security updates related to services you use.
  2. Secure Your Passwords: Use complex, unique passwords for different accounts, and consider a password manager.
  3. Enable 2FA: Two-factor authentication adds an extra security layer, making your accounts harder to hack.
  4. Check Your Statements: Regularly review your bank and credit card statements for any suspicious activity.
  5. Avoid Phishing Traps: Be cautious of emails or messages asking for personal info. When in doubt, don't click.
  6. Keep Software Updated: Regular updates help protect against known vulnerabilities.
  7. Consider Credit Monitoring: Services that monitor your credit can alert you to potential fraud early on. Many financial institutions provide these services free of charge to their customers as a proactive measure against identity theft and fraud.


Wrapping It Up

This whole situation serves as a reminder of the cyber threats that lurk around the corner, especially when third-party services are involved. Don’t ever assume that your information is safe, even with large institutions. To consumers and enterprises alike, always proactively monitor and protect your data!