Financial institution of America is warning prospects of a data breach exposing their private info after considered one of its service suppliers was hacked final 12 months.
Buyer personally identifiable info (PII) uncovered within the security breach contains the affected people’ names, addresses, social security numbers, dates of delivery, and monetary info, together with account and bank card numbers, in accordance with particulars shared with the Legal professional Basic of Texas.
Whereas Financial institution of America has but to reveal what number of prospects had been impacted by the data breach, Infosys McCamish Programs (IMS), the seller that had its techniques compromised, revealed in a current submitting with the Legal professional Basic of Maine that 57,028 had their knowledge uncovered within the incident.
Infosys, IMS’ mother or father firm, is a multinational IT consulting big with over 300,000 workers and purchasers in over 56 nations.
Financial institution of America serves roughly 69 million purchasers at over 3,800 retail monetary facilities and thru roughly 15,000 ATMs in the US, its territories, and greater than 35 nations.
“Or round November 3, 2023, IMS was impacted by a cybersecurity occasion when an unauthorized third social gathering accessed IMS techniques, ensuing within the non-availability of sure IMS purposes,” IMS stated.
“On November 24, 2023, IMS informed Financial institution of America that knowledge regarding deferred compensation plans serviced by Financial institution of America could have been compromised. Financial institution of America’s techniques weren’t compromised.”
“It’s unlikely that we will decide with certainty what private info was accessed because of this incident at IMS.”
LockBit claims ransomware assault on IMS
IMS stated the security breach led to a “non-availability of sure purposes and techniques in IMS” when it first disclosed the incident in a submitting with the U.S. Securities and Trade Fee
On November 4th, the LockBit ransomware gang claimed accountability for the IMS assault, saying that its operators encrypted over 2,000 techniques throughout the breach.
The LockBit ransomware-as-a-service (RaaS) operation got here to mild in September 2019 and has since focused many high-profile organizations, together with the UK Royal Mail, the Continental automotive big, the Metropolis of Oakland, and the Italian Inner Income Service.
In June, cybersecurity authorities in the US and companions worldwide launched a joint advisory estimating that the LockBit gang has extorted a minimum of $91 million from U.S. organizations following roughly 1,700 assaults since 2020.
A Financial institution of America spokesperson was not instantly out there for remark when contacted by BleepingComputer earlier right now.
