News Hub

Bank of America data breach linked to Infosys tech services

Written by Wed 14 Feb 2024

Image Credit: Reuters

The Bank of America has identified the US subsidiary of Indian digital services company, Infosys, as the source of a data breach that affected over 57,028 of its users.

Infosys McCamish Systems (IMS) disclosed the breach in a 3 November filing, stating the company was impacted by a cybersecurity event when an unauthorised third party accessed IMS systems. This resulted in the non-availability of certain IMS applications.

The breach occurred on 29 October and was detected the following day. Consumers were informed about the breach on 1 February.

“On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America’s systems were not compromised,” said IMS in a Notice of Data Breach sample letter.

The filing, submitted by lawyer Jason Chipman on behalf of IMS, described the incident as an ‘External system breach (hacking)’. 

“It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS,” said IMS.

According to its records, deferred compensation plan information may have included users’ first and last names, addresses, business email addresses, dates of birth, Social Security numbers, and other account information.

IMS said that those affected should review their credit reports and account statements over the next 24 months. The company has also offered a complimentary identity theft protection service.

Al Lakhani, CEO of IDEE, said: “Protecting the supply chain is critical. Especially when they can cause these kinds of attacks. Therefore, relying on first generation MFA that requires two devices and lacks the capability to prevent credential phishing attacks is a non-starter.

LockBit Claims IMS Cyberattack

In November, the LockBit ransomware group claimed responsibility for the IMS data breach. LockBit posted on its leak site that it encrypted over 2,000 systems during the breach. McCamish offered £39,000 ($50,000) for the return of the data, according to the ransomware group.

“If we receive good enough price from anyone we will sell 50GB data to you privately with starting bid of 500k, Message us on tox,” said the ransomware group. The currency of the starting bid price was not clarified.

LockBit operates on a ransomware-as-a-service business model. It sells its malicious software to affiliates, enabling them to execute cyberattacks.

The group is also responsible for the malicious malware of the same name. LockBit attackers typically threaten organisations with operational disruption, extortion, data theft and illegal publication.

“To fortify supply chains effectively, they must be protected using next-generation MFA solutions, which protect against credential, phishing and password-based attacks, including adversary-in-the-middle attacks by using same device MFA,” added Al Lakhani.

In January, LockBit claimed to have breached and stolen corporate data from Subway, prompting the company to investigate the attack on its IT systems. 

The ransomware group issued a deadline of 2 February for the fast food company to secure its compromised data. If no action was taken, LockBit threatened to sell the stolen information to the sandwich chain’s competitors.

In November, LockBit was suspected to be behind an attack on ICBC Financial Services critical systems, including corporate email and trading platforms. ICBC Financial Services is the US unit of ICBC and the world’s largest commercial lender by total assets.

Join Cloud & Cyber Security Expo

6-7 March 2024, ExCeL London

Cloud & Cyber Security Expo is one of the largest IT security events in Europe.

Don’t miss the chance to build partnerships and discover solutions to protect your business.

Written by Wed 14 Feb 2024

Send us a correction Send us a news tip