Bank of America Alerts Customers to Data Breach Following Infosys McCamish Systems Hack in 2023
In the wake of a cybersecurity incident in November 2023 involving Infosys McCamish Systems, an IT consulting and service provider, Bank of America has confirmed a data breach affecting its customers. The breach has led to unauthorized access to sensitive customer information, raising concerns over the security of personal and financial data.
Details of the Breach and Its Impact on Bank of America Customers
While the exact number of customers affected by this breach remains undisclosed, reports from Bleeping Computing, based on a breach notification letter submitted to the Attorney General of Maine on behalf of Bank of America, suggest that more than 57,000 individuals have had their personal data compromised. The exposed information includes social security numbers, account numbers, dates of birth, and addresses, marking a significant privacy violation for those impacted.
The breach notification indicates that unauthorized access to Infosys McCamish Systems’ infrastructure occurred on November 3, 2023, highlighting the vulnerabilities in the IT systems managing sensitive customer data.
Insights from Cybersecurity Professionals
Oz Alashe MBE, CEO of CybSafe, a human risk management platform, commented on the incident, emphasizing the interconnected nature of the financial services sector and its increasing reliance on third-party organizations for digitizing processes. Alashe noted, “The data breach at Infosys McCamish Systems underscores the critical need for financial institutions and their third-party partners to adopt a proactive approach to cybersecurity, transcending mere compliance to foster a culture of active security awareness and behaviors.”
Al Lakhani, CEO and founder of cybersecurity firm IDEE, highlighted the importance of securing the supply chain against cyber threats. Lakhani advocated for the adoption of next-generation Multi-Factor Authentication (MFA) solutions to protect against a range of cyberattacks, including credential theft, phishing, and password-based breaches, as well as more sophisticated adversary-in-the-middle attacks, utilizing same device MFA technologies.
The breach at Infosys McCamish Systems serves as a stark reminder of the vulnerabilities present in the digital infrastructure of financial services, urging institutions and their service providers to bolster their cybersecurity measures and protect customer data from future threats.