Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors' opinions or evaluations.
About 57,000 Bank of America customers are being warned that their personal information may have been exposed during a November cyberattack on bank service provider Infosys McCamish Systems.
The data breach, attributed to the LockBit ransomware group according to several reports, occurred on Infosys McCamish’s system on November 3 and was reported to Bank of America on November 24.
However, consumers whose data may have been compromised were not notified of the security failure until February 1, or about 90 days after the breach was discovered, potentially violating state notification laws.
Customers who were affected were enrolled in Bank of America-sponsored deferred compensation plans at companies, which provide tax advantages for employees who defer a portion of their paychecks until a later date, such as at retirement, Infosys McCamish said.
Featured Partners
Price
$19 for the first year
Built-In Internet Security
Yes
iOS & Android Protection
Yes
Price
$29.99 your first year
Sensitive Customer Information May Have Been Leaked
Personal information that might have been compromised in the hack may include the victims’:
- First and last name
- Address
- Business email address
- Date of birth
- Social Security number
- Other account information
It’s still unclear exactly what data might have been accessed, and there’s so far no evidence the information was misused, according to a letter Infosys McCamish sent to affected consumers.
Affected Customers Offered Free Identity Protection Service
Bank of America is offering affected customers a free two-year membership to Experian IdentityWorks. This identity theft protection program includes daily credit report monitoring from Experian, Equifax and TransUnion, internet surveillance, and identity theft resolution, among other services.
To claim this offer, you can enroll online or call Experian IdentityWorks. You’ll need the activation code and engagement number provided by Bank of America.
When Personal Data Is Compromised, Timing Is Critical
The longer thieves may have access to your personal information, the more damage they can do. This is why some states mandate that affected individuals be notified within a certain time frame if their personal information is compromised in a cyberattack.
For example, in Maine, notification must be made no later than 30 days after a breach is discovered, with allowances for law enforcement investigations. Indiana’s time frame is a little longer, at 45 days.
It’s unclear why there was such a lag between the discovery of the breach and the effort to inform customers. Bank of America and Infosys McCamish have so far not commented.
“If you suspect that someone has stolen your identity, acting quickly is the best way to limit the damage,” the Department of Justice advises.
According to the DOJ, if an organization that holds your personal information experiences a data breach, it must inform you of your rights. You have the option to take the following precautions:
- Request a fraud alert to be placed on your credit file
- Monitor your accounts for suspicious behavior
- Exercise your right to obtain a free copy of your credit report.
If highly sensitive and valuable information such as your Social Security number might have been stolen, placing a credit freeze on your credit reports can block bad actors from opening new lines of credit in your name.
Find the Best Identity Theft Protection Services of 2024
FAQs
Bank of America Customers Left In The Dark About Data Breach For 90 Days. About 57,000 Bank of America customers are being warned that their personal information may have been exposed during a November cyberattack on bank service provider Infosys McCamish Systems.
Is Bank of America warning customers of a data breach? ›
Bank of America customers' information possibly leaked in data breach. On Nov. 3, 2023, Infosys McCamish Systems LLC (IMS) was hacked. CHARLOTTE, N.C. — Some Bank of America customers may have had their information leaked after a data breach at Infosys McCamish Systems LLC (IMS).
What is the latest Bank of America breach? ›
This security breach occurred in November of 2023 when an unauthorized third party accessed the systems of IMS. Affected customers had personally identifiable information exposed, including names, addresses and Social Security numbers.
Were Bank of America customers compromised by a third party vendor? ›
Bank of America is notifying customers that their personal information was compromised in a data breach impacting third-party vendor Infosys McCamish Systems (IMS), an insurance process management services provider. The breach reportedly occurred after IMS was hacked in November 2023.
What happens if a Bank has a data breach? ›
Your institution has to pay a data forensics team to find the source of the breach and hire security experts to tighten up that part of your system. Notifying your clients of the breach also costs money in terms of in and outbound communication and offering identity protection services.
Did Bank of America glitch sent customers into panic over missing funds? ›
A Bank of America Glitch Sent Customers Into a Panic Over Missing Funds. On Wednesday morning, Bank of America customers began reporting issues with payments processed through the money transfer service Zelle, which led to money disappearing from their accounts.
Should I be worried about a data breach? ›
Data breaches are incidents in which confidential information, including consumer data, is stolen from a company or organization. If you receive a notice that your information has been compromised in a data breach, it's important to act quickly to secure your accounts and take preventive measures against fraud.
How do I know if I was affected by data breach? ›
One of the best ways to check if you have been hacked is to enter your email into a number of data breach websites that track breaches and verify them as genuine. The websites will tell you if your email and associated passwords were part of any known data breaches.
What can a data breach cause? ›
The damage a Data Breach can do
The effects of a data leak can be a lasting issue for your reputation, finances, and more. For business organizations: a data breach can have a devastating effect on an organization's reputation and financial bottom line.
Who hacked Bank of America? ›
In the case of the Bank of America data breach, LockBit found Infosys McCamish Systems (IMS), a Indian tech services giant, to serve this purpose.
CFPB Takes Action Against Bank of America for Illegally Charging Junk Fees, Withholding Credit Card Rewards, and Opening Fake Accounts | Consumer Financial Protection Bureau.
Is Bank of America in financial trouble? ›
Bank of America's Financial Health
In recent years, Bank of America's financial performance has been relatively stable. In 2022, the bank reported a net income of $20.4 billion, a decrease from the previous year's $27.4 billion.
What is the largest lawsuit against Bank of America? ›
The Bank of America case is led by California truck driver Anthony Ramirez, California manufacturing worker Mynor Aldana and New Jersey retired widow Janet Hobson. Each said the bank refused to refund hundreds of dollars of overdraft and insufficient funds fees imposed in 2020, 2021 or 2022.
Is Bank of America warn customers of data breach after vendor hack? ›
About 57,000 Bank of America customers are being warned that their personal information may have been exposed during a November cyberattack on bank service provider Infosys McCamish Systems.
What were the top 3 5 complaints customers at banks encounter on a regular basis? ›
In this article, we'll look at some of the most common customer complaints in banking and how you can handle them effectively.
- 1 Fees and charges. ...
- 2 Service quality. ...
- 3 Security and privacy. ...
- 4 Products and features. ...
- 5 Communication and relationship. ...
- 6 Complaint resolution. ...
- 7 Here's what else to consider.
How much time do we have to report a breach? You must report a notifiable breach to the ICO without undue delay, but not later than 72 hours after becoming aware of it.
How many customers leave after data breach? ›
A Single Data Breach Can Rob You of 78% of Your Customers, Study Indicates. More than three-quarters of consumers would completely abandon a brand online if they heard the organization were breached by hackers, and around half would not sign up for a new online service that they heard was breached recently.
Is Bank of America in danger of failure? ›
Based on the analysis of Bank of America's financial health, risk profile, and regulatory compliance, we can conclude that the bank is relatively safe from any trouble or collapse.
How long does a bank have to report a data breach? ›
By law, you've got to report a personal data breach to the ICO without undue delay (if it meets the threshold for reporting) and within 72 hours.
