Infosys Subsidiary Named as Source of Bank of America Data Leak

Indian tech services giant Infosys has been named as the source of a data leak suffered by the Bank of America. From a report: Infosys disclosed the breach in a November 3, 2023, filing that revealed its US subsidiary Infosys McCamish Systems LLC (IMS) "has become aware of a cyber security incident resulting in non-availability of certain applications and systems in IMS." A data breach notification filed in the US state of Maine this week describes the incident as "External system breach (hacking)" and reveals the improperly accessed data includes "Name or other personal identifier in combination with: Social Security Number." The notification was submitted by an outside attorney working on behalf of the Bank of America, names IMS as the source, and revealed that information on 57,028 people was leaked. A sample of the letter sent to those impacted by the incident reveals that on November 24, "IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America's systems were not compromised." Things then get a bit scary: "It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS. According to our records, deferred compensation plan information may have included your first and last name, address, business email address, date of birth, Social Security number, and other account information."

Read more of this story at Slashdot.