Infosys Breach Exposes Thousands of Bank of America Clients

In November 2023, the Indian conglomerate Infosys, a global titan in software provision, precipitated a widespread data breach that implicated Bank of America’s clientele. An official statement released on November 3rd revealed that the American division of Infosys, namely Infosys McCamish Systems LLC (IMS), grappled with a grave incident, temporarily disabling crucial systems and applications.

The dilemma was officially characterized as an “external security breach,” corroborating the occurrence of a cyberattack. A notification submitted to the Maine state administration disclosed that hackers managed to access data including names, social security numbers, and other personal identifiers of nearly 60,000 individuals.

Marriott Starwood Hotel Data Breach

This incident garnered particular attention as it also affected deferred compensation plans serviced by Bank of America, highlighting that the bank’s systems were not directly compromised.

In essence, the breach encompassed nearly everything a fraudster might require for identity theft—a highly plausible outcome of this event, especially since “deferred compensation plans” refer to private pensions, savings, and incentive stock options.

Moreover, this term encompasses payouts from life insurance policies, with IMS serving as Infosys’s key center of excellence for software solutions and services in the life insurance sector in the United States.

The situation was further exacerbated by reports suggesting the involvement of the notorious cybercriminal group using LockBit ransomware software, lending grave significance to the incident given the potency and peril of this malware.

Victims were offered standard precautionary measures, including password changes and account monitoring, alongside a two-year personal data theft protection program by Experian. This situation once again underscores the critical importance of cybersecurity and the need for a comprehensive approach to protecting personal data.

As of now, Infosys has not issued any official comments regarding the incident.