Infosys McCamish Systems (IMS) – a subsidiary of Indian consulting giant Infosys, owned by Rishi Sunak’s wife’s family – was breached last November, when “an unauthorised third party” accessed its network.
According to Bank of America’s data breach notification, it took IMS 21 days to notify the bank that “data concerning deferred compensation plans serviced by Bank of America may have been compromised.” Bank of America’s systems themselves were not compromised.
Although IMS could not say exactly what personal information was involved, Bank of America wrote, “deferred compensation plan information may have included your first and last name, address, business email address, date of birth, Social Security number, and other account information.”
Read more: Betrayal, bewilderment and Bank of America
Details shared with the Attorney General of Texas shows that “other account information” may have included account and credit card numbers. Meanwhile, a filing with the Attorney General of Maine shows more than 57,000 people were directly affected by the breach.
Considering Bank of America serves around 69 million customers across 35 countries, that is a vanishingly small number. However, any data breach – especially of sensitive financial information – is potentially a cause for concern.
We have asked both the bank and IMS for a comment, although as the teams responsible for the incident operate on US time we haven’t had an answer yet.
LockBit claimed responsibility for the attack on 4th November last year.
Oz Alashe, CEO of CybSafe, said the breach’s impact “emphasises how increasingly connected the financial services are becoming as the sector continues to digitise.” Although he acknowledged the benefits of such an arrangement, he also noted the vulnerabilities opened by trusting a third party with customer data.
“Cybersecurity is not an ‘in-house’ issue, but one dependent on a series of organisations, from IT vendors and payment providers to cloud services and software platforms.
“Financial institutions and their partners must move beyond compliance and tick-box exercises, fostering an active security consciousness that encourages positive security behaviours.”
Meanwhile Rick Jones, CEO and co-founder of DigitalXRAID, warned, “What we’re seeing here may be just the start of yet another hugely significant incident in cyber industry, and what should be a watershed moment for software security.”
Wanda Parisien is a computing expert who navigates the vast landscape of hardware and software. With a focus on computer technology, software development, and industry trends, Wanda delivers informative content, tutorials, and analyses to keep readers updated on the latest in the world of computing.