Skip to content

Bank of America Warns About Massive Data Breach Affecting 57,000 Customers

The bank's service provider was part of a larger hack in 2023.

Despite advancements in cybersecurity, data breaches among powerful corporations seem like more and more of a frequent occurrence. Unfortunately, for everyday individuals who turn to financial institutions to protect their hard-earned money, not even banks are exempt from fraudulent encounters. And Bank of America is the latest banking conglomerate to fall victim to a major data breach that's impacted tens of thousands of customers.

RELATED: 6 Subtle Signs You're the Victim of Bank Fraud, According to Experts.

As of this reporting, Bank of America hadn't revealed the exact number of customers that have been affected. However, as Forbes first reported, "reporters at Bleeping Computing say that according to an IMS breach notification letter on behalf of the Bank of America that has been filed with the Attorney General of Maine, the number exceeds 57,000."

This is in reference to a "cybersecurity event" that took place on or around Nov. 3, 2023, to which Bank of America was notified 24 hours later. At the time, one of Bank of America's service providers, Infosys McCamish Systems (IMS), was on the receiving end of a major hack. It is believed the unauthorized third party was able to access customers' personally identifiable information (PII)—including account numbers, social security numbers, addresses, and dates of birth.

"On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America's systems were not compromised," IMS said in the official data breach notice. "In response to the security incident, IMS retained a third-party forensic firm to investigate and assist with IMS's recovery plan, which included containing and remediating malicious activity, rebuilding systems, and enhancing response capabilities."

Since the investigation, IMS assured that there is "no evidence of continued threat actor access, tooling, or persistence in the IMS environment."

To restore customers' trust and as an extra level of protection, IMS announced that Bank of America will be offering its customers a complimentary two-year membership with an identity theft protection service under Experian IdentityWorksSM. The service provides users with internet surveillance, resolution of identity theft, and daily credit reports, per the notice.

IMS is also advising customers to pay close attention to credit reports and account statements for the next two years. If you have reasons to believe you may be a victim of identity theft or spot unauthorized charges on your account, contact Bank of America immediately. Customers can reach out to their local Bank of America branch or contact customer service.

Emily Weaver
Emily is a NYC-based freelance entertainment and lifestyle writer — though, she’ll never pass up the opportunity to talk about women’s health and sports (she thrives during the Olympics). Read more
Filed Under