Summary:
Bank of America is warning its customers of a data breach exposing their personal information after one of its third-party service providers, Infosys McCamish System (IMS) fell victim to a cyber attack in November of last year. LockBit claimed responsibility for the attack, listing IMS on its data leak site on November 4. According to IMS, the vendor was able to restore all of the impacted systems but believes that certain data was exfiltrated including customer data. Bank of America which has been sending out notices to impacted individuals notes that it cannot determine what personal information was accessed during the attack. However, this could likely include names, addresses, dates of birth, Social Security numbers, business email addresses, and other account information.

Analyst Comments:
Given that personally identifiable information was stolen, cybercriminals will likely use the data to launch further targeted phishing and social engineering attacks. As a precaution, users should be on the lookout for suspicious login attempts and phishing emails and monitor financial accounts accordingly. Bank of America is offering a complimentary two-year membership in an identity theft protection service provided by Experian IdentityWork, which can be used to monitor credit reports and surveil for identity theft.

Link(s):
https://www.securityweek.com/bank-of-america-informing-customers-of-data-breach/