- Bank of America has notified its customers of a data breach resulting from a security incident involving its partner, Indian digital services provider Infosys McCamish Systems (IMS).
- The incident is believed to have occurred around November 3, 2023, when an unauthorized third party accessed IMS’s systems.
- A total of 57,028 Bank of America customers are estimated to have been affected by the breach.
- IMS, which services Bank of America’s deferred compensation plans, stated that it is unlikely to identify the specific personal information accessed during the breach but mentioned that customers’ names, addresses, business email addresses, date of birth, and social security numbers could be among the exposed information.
- IMS notified Bank of America three weeks after the incident, on November 24, 2023, and has implemented a recovery plan, including rebuilding systems, enhancing security defenses, and improving response capabilities.
- Bank of America is offering affected customers a complimentary two-year membership with IdentityWorks, an identity theft protection service provided by Experian.
