A November 2023 breach at IT consulting and service provider Infosys McCamish Systems has now been confirmed to have led to a data breach impacting Bank of America customers.
What Do We Know About The Bank Of America Data Breach?
The number of Bank of America customers impacted by the breach, including personally identifiable information such as social security numbers, account numbers, date of birth and addresses, has not been confirmed. However, reporters at Bleeping Computing say that according to an IMS breach notification letter on behalf of the Bank of America that has been filed with the Attorney General of Maine, the number exceeds 57,000.
That same notification states that hackers accessed IMS systems on November 3, 2023.
What Are Cybersecurity Experts Saying?
Oz Alashe MBE, CEO of human risk management platform CybSafe, says that the “impact of the data breach at Infosys McCamish Systems on the Bank of America emphasizes how increasingly connected the financial services are becoming as the sector continues to digitize. While the benefits of these processes are clear, institutions are increasingly trusting third-party organizations with customer data. Cybersecurity is not an ‘in-house’ issue, but one dependent on a series of organizations, from IT vendors and payment providers to cloud services and software platforms. Financial institutions and their partners must move beyond compliance and tick-box exercises, fostering an active security consciousness that encourages positive security behaviors.”
Al Lakhani, the CEO and founder of cyber security firm IDEE, adds that “protecting the supply chain is critical. Especially when they can cause these kinds of attacks. To fortify supply chains effectively, they must be protected using next-generation MFA solutions, which protect against credential, phishing and password-based attacks, including adversary-in-the-middle attacks by using same device MFA.”