Month: February 2024

Bank of America revealed that the personal information of some customers was stolen in a data breach affecting a third-party services provider.

A data breach at Infosys McCamish, a financial software provider, compromised the name, address, date of birth, Social Security number, and financial information, including account and credit card numbers, of 57,028 deferred compensation customers whose accounts were serviced by Bank of America.

An unauthorized party — apparently a ransomware group known as LockBit — accessed the customers’ information through Infosys McCamish’s system, not Bank of America’s, according to a letter Infosys McCamish sent to affected customers, published by Maine’s attorney general. Bank of America provided two-year identity theft protection to the affected customers.

The breach occurred on Nov. 3, 2023, and Infosys McCamish notified Bank of America about the breach on Nov. 24. Infosys McCamish and Bank of America notified customers of the breach on Feb. 2, 2024.

Bank of America has yet to disclose how many of the 57,028 accounts were customer accounts.

Read more about it here.

Hewlett Packard Enterprise (HPE) is investigating a potential new data breach, after a hacker put allegedly stolen data up for sale on BreachForums hacking forum, claiming it contains HPE credentials and other sensitive information.

The announcement was published by a hacker who uses the moniker IntelBroker.

“Hello BreachForums Community. Today, I am selling the data I have taken from Hewlett Packard Enterprise.” reads the announcement published by IntelBroker. “More specifically, the data includes: CI/CD access , System logs , Config Files , Access Tokens , HPE StoreOnce Files (Serial numbers warrant etc) & Access passwords. (Email services are also included)”

IntelBroker is considered a reputable threat actor: It was linked to the breaches of DC Health Link and Volvo Cars.

HPE became aware of the intrusion on December 12, 2023 and immediately launched an investigation. They found that the data at issue appears to be related to information that was contained in a test environment. There is no indication these claims relate to any compromise of HPE production environments or customer information.

HPE is a multinational information technology company based in Spring, Texas.

Read more about it here.

Scammers successfully stole HK$200 million (approximately $25.6 million) from a multinational company in Hong Kong by using a deepfake video call to deceive an employee into transferring the funds. The finance employee attended a video conference call with deepfake recreations of the company’s Chief Financial Officer (CFO) and other employees who instructed him to transfer the funds. The employee initiated a series of 15 bank transfers to five different Hong Kong accounts totaling HK$200 million.

The employee discovered the scam a week later and notified the company and local authorities.

The identity of the company wasn’t revealed.

The investigation is still ongoing, the police have yet to identify the gang behind the scam

Read more about it here.