International. The attack occurred against Infosys McCamish Systems (IMS), a supplier to the US banking entity, when an unauthorized third party accessed its systems, causing some applications to become unavailable.
The cybersecurity event occurred around November 3, 2023 and three weeks later, IMS informed Bank of America that some data in its possession, related to deferred compensation plans serviced by Bank of America, may have been breached. Bank of America's systems were not compromised.
According to a letter filed by IMS with the Attorney General of the State of Maine, it is unlikely that it can be determined with certainty what personal information of Bank of America customers was accessed by cybercriminals.
“According to our records, the deferred compensation plan information may have included your first and last name, address, business email address, date of birth, Social Security number, and other account information,” the letter reads.
The Bank of America provider also specified that it hired an external forensic company to investigate and assist with the recovery plan, which includes actions such as containment and remediation of malicious activities, system reconstruction and improving security capabilities.
Quoted by Forbes magazine, Oz Alashe MBE, director of CybSafe, stated that “institutions are increasingly entrusting customer data to third parties. Cybersecurity is not an internal issue, but depends on a number of organizations, from IT providers and payment providers to cloud services and software platforms. Financial institutions and their partners must go beyond compliance exercises and tick boxes, fostering active security awareness that encourages positive security behaviors”.
Leave your comment