Bank of America revealed that the personal information of some customers was stolen in a data breach affecting a third-party services provider.
A data breach at Infosys McCamish, a financial software provider, compromised the name, address, date of birth, Social Security number, and financial information, including account and credit card numbers, of 57,028 deferred compensation customers whose accounts were serviced by Bank of America.
An unauthorized party — apparently a ransomware group known as LockBit — accessed the customers’ information through Infosys McCamish’s system, not Bank of America’s, according to a letter Infosys McCamish sent to affected customers, published by Maine’s attorney general. Bank of America provided two-year identity theft protection to the affected customers.
The breach occurred on Nov. 3, 2023, and Infosys McCamish notified Bank of America about the breach on Nov. 24. Infosys McCamish and Bank of America notified customers of the breach on Feb. 2, 2024.
Bank of America has yet to disclose how many of the 57,028 accounts were customer accounts.
Read more about it here.