BoA names Infy’s US unit in data breach

New Delhi: Bank of America (BoA) has named Infosys McCamish Systems as a source of a data breach that it said affected 57,028 customers, as per documents submitted to the Maine Attorney General in the US.

Infosys McCamish Systems (IMS) is an Infosys’ step-down subsidiary. The notification, penned on behalf of Bank of America, describes the breach as an external system breach (hacking), while the information acquired has been mentioned as name or other personal identifier in combination with: social security number.

As per the data breach notification, the total number of persons affected (including residents) has been estimated at 57,028, and the total number of residents of Maine - the northeasternmost US state - who were affected by the data compromise was 93. As per the notification, the breach occurred on October 29, 2023, and was discovered on October 30, 2023. The submission to the Office of the Maine Attorney General by an outside counsel for Bank of America (BofA) names IMS in the data breach notification.

A letter uploaded alongside the disclosure said, “On or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorised third party accessed IMS systems, resulting in the non-availability of certain IMS applications. On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America's systems were not compromised”.