Infosys at fault for Bank of America data vulnerabilities

February 13, 2024
1 min read

TLDR:

Bank of America has reported a data breach to the Office of the Maine Attorney General, attributing it to an Infosys subsidiary. The breach occurred on October 29, 2023, and affected just over 57,000 individuals, with hackers stealing names and Social Security Numbers. Infosys confirmed a cyber security incident at its US subsidiary, but the extent of the breach is still unknown. The infamous LockBit ransomware gang has added Infosys McCamish Systems to its data leak site, but the possibility of a ransomware attack remains unconfirmed.

Bank of America has filed a data breach report with the Office of the Maine Attorney General, attributing the incident to an Infosys subsidiary. The breach occurred on October 29, 2023, and affected just over 57,000 individuals. Hackers were able to steal names and Social Security Numbers (SSN) in the attack. The incident was described as an “external system breach (hacking).” Infosys confirmed a cyber security incident at its US subsidiary, Infosys McCamish Systems, in early November 2023. The company stated that certain applications and systems were non-available following the incident. The extent of the breach and the specific information accessed is still unknown, and Infosys stated that it may not be able to determine with certainty what personal information was accessed. The publication also mentioned that the LockBit ransomware gang added Infosys McCamish Systems to its data leak site a few days after the incident, although it is not confirmed if it was a ransomware attack. Bank of America has alerted affected customers to be wary of potential phishing attacks and identity theft and has offered two years of free identity theft protection services.

Latest from Blog

Top VPN’s privacy claims confirmed by independent auditors

TLDR: Independent auditors from Deloitte Romania confirmed CyberGhost VPN’s privacy claims through a detailed audit of their systems. Auditors found that CyberGhost’s no-logs infrastructure works as expected, ensuring user data privacy. Independent