International. The attack took place against Infosys McCamish Systems (IMS), the U.S. bank's provider, when an unauthorized third party accessed its systems, causing some applications to become unavailable.
The cybersecurity event occurred around November 3, 2023, and three weeks later, IMS informed Bank of America that some data in its possession, related to deferred compensation plans serviced by Bank of America, may have been breached. Bank of America's systems were not compromised.
According to a letter filed by IMS with the Maine State Attorney General, it is unlikely that it will be possible to determine with certainty what personal information of Bank of America customers the cybercriminals accessed.
"According to our records, deferred compensation plan information may have included your first and last name, address, business email address, date of birth, Social Security number, and other account information," the letter reads.
Bank of America's provider also said it hired an external forensic firm to investigate and assist with the recovery plan, which includes actions such as containing and remediating malicious activities, rebuilding the system and improving response capabilities.
Quoted by Forbes magazine, Oz Alashe MBE, director of CybSafe, stated that "institutions are increasingly entrusting customer data to third parties. Cybersecurity is not an internal matter, but depends on a number of organizations, from IT providers and payment providers to cloud services and software platforms. Financial institutions and their partners need to go beyond compliance exercises and check boxes, fostering active security awareness that encourages positive security behaviors."
Leave your comment