A November cyberattack on Infosys McCamish Systems, a service provider for Bank of America, exposed personal data of over 57,000 customers enrolled in deferred compensation plans. Although the breach, linked to the LockBit ransomware group, occurred November 3 it wasn’t reported to Bank of America until November 24—leading to a nearly 90-day delay in notifying affected individuals.
The exposed data may include:
- Full name
- Address
- Business email
- Date of birth
- Social Security number
- Other account details
While no misuse of data has been reported, the delay in notification raises concerns about compliance with state laws requiring timely breach disclosures.
Bank of America customers were breached in another incident involving one its third-party providers last year. An unauthorized actor accessed the systems of NCB Management Services, a national accounts receivable management company, last February, exposing the credit card account information of nearly 500,000 Bank of America customers.
Cyberattacks have long affected financial institutions, leading the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency and the Federal Reserve to require banks to report incidents to their primary regulator within 36 hours, if it’s determined the incident could disrupt business or the stability of the financial sector.
Enhancing Cybersecurity Measures
This breach underscores the need for stronger security protocols. To prevent unauthorized access, companies should:
- Monitor systems for suspicious activity
- Require multifactor authentication
- Implement a robust breach response plan
While this breach is relatively small, it’s part of a larger trend of third-party breaches impacting major U.S. banks. According to a report released by SecurityScorecard in December, 97% of the top 100 U.S. banks experienced a third-party data breach in the past year, exposing significant vulnerabilities in banking supply chains.
At Enfortra, we provide identity theft protection solutions that help businesses and individuals safeguard sensitive information. Don’t wait until a breach happens—strengthen your security today.
