Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Infosys blamed for Bank of America data breach

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system.

Bank of America has filed a data breach report with the Office of the Maine Attorney General, in which it said that the incident originated from an Infosys subsidiary.

The report, filed on behalf of the Bank of America by an outside attorney, states that Infosys McCamish Systems (IMS), a part of the Indian tech services giant, is an outside counsel for Bank of America.

The total number of people who were affected by the incident, which happened on October 29 2023 and discovered a day later, is just north of 57,000, with the hackers stealing names (or other personal identifiers) and Social Security Numbers (SSN). The incident was described as “external system breach (hacking)”. 

"Potentially accessed"

In early November 2023, Infosys said its US subsidiary Infosys McCamish Systems LLC "has become aware of a cyber security incident resulting in non-availability of certain applications and systems in IMS."

The Register came across a sample of the letter the bank allegedly sent to affected customers, in which it said it was “unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS. According to our records, deferred compensation plan information may have included your first and last name, address, business email address, date of birth, Social Security number, and other account information." 

That’s more than enough information to mount disruptive social engineering attacks.

The publication also said that the infamous LockBit ransomware gang added IMS to its data leak site, a few days after the incident (November 4). Although a ransomware attack is highly likely, these reports are unconfirmed at the time. 

Victims have been warned to be wary of potential phishing attacks and identity theft, and were offered two years of free identity theft protection services from Experian.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.