Bank of America names Infosys' US subsidiary in data breach notification

NEW DELHI: Bank of America has named Infosys McCamish Systems as a source of a data breach that it said affected 57,028 customers, as per documents submitted to the Maine Attorney General in the US.

Infosys McCamish Systems (IMS) is an Infosys' step-down subsidiary.

The notification, penned on behalf of Bank of America, describes the breach as an "external system breach (hacking)", while the information acquired has been mentioned as "name or other personal identifier in combination with: social security number".

As per the data breach notification, the total number of persons affected (including residents) has been estimated at 57,028, and the total number of residents of Maine - the northeasternmost US state - who were affected by the data compromise was 93.

As per the notification, the breach occurred on October 29, 2023, and was discovered on October 30, 2023.

The submission to the Office of the Maine Attorney General by an outside counsel for Bank of America (BofA) names IMS in the data breach notification.

A letter uploaded alongside the disclosure said, "On or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorised third party accessed IMS systems, resulting in the non-availability of certain IMS applications.

On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised.

Bank of America's systems were not compromised".

An email sent by PTI to Infosys seeking a response on the matter remained unanswered.

It is pertinent to mention that on November 3, 2023, Infosys intimated to the stock exchanges that Infosys McCamish Systems, a subsidiary of Infosys BPM (a wholly-owned subsidiary of Infosys) has become aware of a cybersecurity event resulting in the non-availability of certain applications and systems in IMS.

"Data protection and cybersecurity are of utmost importance to us. We are working with a leading cybersecurity products provider to resolve this at the earliest and have also launched an independent investigation with them to identify potential impact on systems and data," Infosys had then said.