Bank of America confirms data breach compromised customer data in November 2023

Bank of America data breach overview: 

• Who: Bank of America warned customers they may have been affected by a November 2023 data breach that occurred as a result of a cybersecurity incident affecting of its service providers, InfoSys McCamish Systems (IMS). 
• Why: The cybersecurity incident may have been compromised data concerning deferred compensation plans service by Bank of America. 
• Where: The data breach could affect Bank of America customers nationwide. 

A Bank of America data breach may have compromised customer data on or around Nov. 3, 2023, the company says. 

The incident, which involved Bank of America servicer InfoSys McCamish Systems (IMS), may have compromised data concerning deferred compensation plans serviced by Bank of America, according to a sample data breach notification letter. 

Bank of America said that, while it is “unlikely” it will be able to determine with certainty what information may have been compromised, the deferred compensation plans may have included first and last names, addresses, Social Security numbers, business email addresses and other account information. 

IMS, meanwhile, conducted an investigation and recovery plan assisted by a third-party forensic firm in the wake of the incident, and has found no evidence of a “continued threat actor access, tooling, or persistence in the IMS environment,” according to the sample letter. 

Bank of America’s own systems not affected, bank says

Bank of America said IMS disclosed on Nov. 24, 2023, that it may have been affected by the data breach. The bank maintains that its systems were never themselves compromised by the incident. 

The financial institution said it will offer a complimentary two-year membership for an Experian identity theft protection package to customers who may have been affected by the data breach.

Bank of America also advised its customers to review their credit reports and account statements over the next two years and to notify their financial institution of any unauthorized transactions or incidents that they suspect could be connected to identity theft.

In other recent news involving Bank of America, the financial institution agreed to pay $500,000 in November to end claims it violated Florida law by allegedly sending late-night debt-collection communications to its account holders. The settlement was given final approval in January. 

Were you affected by the Bank of America data breach ? Let us know in the comments.

Read About More Class Action Lawsuits & Class Action Settlements:

• Chinese hackers have infiltrated critical U.S. systems for years, officials say
• Google to pay $350M settlement in Google+ data breach
• ‘Mother of all data breaches’ includes more records, brands than initially thought
• 23andMe hackers sought Jewish, Chinese customers’ data, class action alleges