Bank of America has named Infosys McCamish Systems (IMS), the US subsidiary of Indian software services giant Infosys, as the source of a data leak owing to a ransomware attack suffered by over 57,000 of its users in November, according to documents reviewed by ET.
“On or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications. On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised,” said a letter sent earlier in February to Bank of America consumers informing about the data breach. ET has reviewed the letter.
The notification by Bank of America described the nature of the incident as “External system breach (hacking)" that illegally accessed information of 57,028 persons stealing data such as “Name or other personal identifier in combination with: Social Security Number”. Bank of America’s systems were not compromised, it added.
This is as per a recent disclosure filed this week by the bank’s outside counsel Jason Chipman, on behalf of Bank of America. The disclosure named IMS in a submission of a data breach