Infosys blamed for Bank of America data breach

The total number of people who were affected by the incident, which happened on October 29 2023 and discovered a day later, is just north of 57,000, with the hackers stealing names (or other personal identifiers) and Social Security Numbers (SSN). The incident was described as “external system breach (hacking)”. 

"Potentially accessed"

In early November 2023, Infosys said its US subsidiary Infosys McCamish Systems LLC "has become aware of a cyber security incident resulting in non-availability of certain applications and systems in IMS."

The Register came across a sample of the letter the bank allegedly sent to affected customers, in which it said it was “unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS. According to our records, deferred compensation plan information may have included your first and last name, address, business email address, date of birth, Social Security number, and other account information." 

That’s more than enough information to mount disruptive social engineering attacks.

The publication also said that the infamous LockBit ransomware gang added IMS to its data leak site, a few days after the incident (November 4). Although a ransomware attack is highly likely, these reports are unconfirmed at the time. 

Victims have been warned to be wary of potential phishing attacks and identity theft, and were offered two years of free identity theft protection services from Experian.

More from TechRadar Pro

• Subway reportedly hit by LockBit ransomware - but is it half-baked speculation?
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now