Bank of America customers have data at risk

A Bank of America data breach is the newest major example of how vulnerabilities in third-party vendors can compromise cybersecurity via the supply chain.  InfoSys McCamish Systems (IMS), a consultant and service provider for the bank, experienced a breach that in turn led to Bank of America customers being affected.  Over 57,000 customers had their Social Security numbers, names, addresses, and other personally identifiable information (PII) exposed in the breach. 

What this means is that Bank of America is just the latest organization to get caught in the crossfire, while not being in the crosshairs itself.  IMS’ systems were breached late last year and certain applications compromised for a time.  Their own internal systems remaining safe, the bank nevertheless had to send out notifications to customers that their data was potentially at risk.

IMS was not the only incident of this type for Bank of America last year.  Another of their third party associates, Ernst & Young, also handling the bank’s customer data, was caught up in the massive MOVEit breach.  Over 30,000 individuals were impacted via stolen Social Security numbers, credit card information, and other financial records.  The Clop ransomware group holds responsibility for the breach of that platform, while a ransomware group called LockBit hit IMS.  Over 2,000 of IMS’ systems were encrypted by the hackers as part of their modus operandi of ransomware-as-a-service (RaaS) and targeting high profile entities.

When you’re a company that works with third parties to facilitate business operations, you can never be truly certain that their data security posture is sufficient for your own customers’ protection.  This is especially true of larger firms, which can integrate numerous partners into their organizational structure. 

Customers who are affected by these beaches should consider canceling their current credit and debit cards, as well as putting fraud alerts or credit freezes on their accounts.  Companies who either are or work with third party vendors should ensure this valuable data is secured behind a strong layer of encryption.  And this is the reality for businesses today.  “Cybersecurity is not an ‘in-house’ issue, but one dependent on a series of organizations, from IT vendors and payment providers to cloud services and software platforms,” says Oz Alashe MBE, CEO of human risk management platform CybSafe.

NetLib Security’s Encryptionizer product supplies just this level of protection.  Transparently encrypting your sensitive data across all environments—physical, virtual and cloud—Encryptionizer renders your stored data useless to intruders who make it past your network’s perimeter defenses.  No additional programming is required, nor impact to systems performance.  Request a free evaluation here to see how Encryptionizer can help keep your data safe.


By: Jonathan Weicher, post on February 20, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security