On February 6, 2024, Bank of America, N.A. filed a notice of data breach with the Attorney General of Texas after discovering that confidential information that had been entrusted to the company was subject to unauthorized access through a third-party data breach occurring at Infosys McCamish Systems LLC (“IMS”). In this notice, Bank of America explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, financial account information, addresses and dates of birth. Upon completing its investigation, Bank of America began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Bank of America, N.A. or Infosys McCamish Systems LLC, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Bank of America / Infosys McCamish data breach. For more information, please see our recent piece on the topic here.

What Caused the Bank of America / Infosys McCamish Data Breach?

The Bank of America data breach was only recently announced, and more information is expected in the near future. However, Bank of America’s filing with the Attorney General of Texas provides some important information on what led up to the breach. The company that experienced the breach, IMS, also filed notice with the Attorney General of Montana.

According to these sources, on November 3, 2023, Infosys learned that it was targeted in a cyberattack, resulting in portions of IMS’s systems being inaccessible.

In response, IMS launched an investigation with the help of external data forensics specialists. Then, on November 24, 2023, IMS informed Bank of America that data concerning certain deferred compensation plans serviced by Bank of America may have been affected. At no point was Bank of America’s computer network compromised.

After learning that sensitive consumer data was accessible to an unauthorized party, IMS reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, financial account information, address and date of birth.

On February 6, 2024, Bank of America sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Bank of America, N.A. and Infosys McCamish Systems LLC

Bank of America, N.A. is a financial services company headquartered in Charlotte, North Carolina. Bank of America is the second largest bank in the United States and offers retail banking, commercial banking, wealth management, and investment banking services. Bank of America employs more than 212,000 people and generates approximately $101 billion in annual revenue.

Infosys McCamish Systems LLC is a life insurance and retirement services company based in Atlanta, Georgia. Infosys McCamish is a subsidiary of Infosys BPO Ltd, the Business Process Outsourcing subsidiary of Infosys Limited. Infosys McCamish Systems’ parent company, Infosys Limited, is an India-based provider of IT and consulting services. Infosys Limited employs more than 314,000 people and generates approximately $18 billion in annual revenue.