Bank of America is working to control the fallout following an October data breach at third-party vendor Infosys McCamish Solutions. 

The bank is offering the more than 57,000 affected clients a free, two-year membership to IdentityWorks, an identity protection product from Experian, according to an Infosys McCamish Solutions filing with the state of Maine.

“If I had to respond to an incident like [Bank of America], I would try to ensure with my team that the customers are somehow compensated through rewards or some financial aid of their loss, even though it might not be enough,” Binty Ahmed, an incident response specialist at cybersecurity training company  CyberNow Labs, told Bank Automation News. 

In the case of the breach at the $3.1 trillion Bank of America, the plan includes “containing and remediating malicious activity, rebuilding systems and enhancing response capabilities,” a Feb. 1 IMS notification to customers said. 

Affected Bank of America customers have been instructed to: 

• Review credit reports and account statements and report suspected identity theft; 
• Enroll in Experian’s IdentityWorks; and 
• Educate themselves about identity theft by contacting their state’s attorney general or the FTC.  

A constant threat

Cyberhackers are constantly working to break into financial institution data. 

According to IBM’s Cost of a Data Breach Report 2023, published in August, the global average cost of a data breach in 2023 was $4.45 million, up 15% from 2020. The report stated that 51% of organizations are planning to increase security investments as a result of increasing breaches.  

For hackers, “the benefit is too big to not keep trying,” Ray Kelly, fellow at cybersecurity company Synopsys Software Integrity Group, told BAN. 

Recent hacks include: 

• Coppell, Texas-based Mr. Cooper was hacked last year, costing the mortgage lender $10 million, according to a December filing with the U.S. Securities and Exchange Commission; 
• Jacksonville, Fla.-based Fidelity National Financial had a data breach in November 2023, which affected 1.6 million clients; and 
• In January, home lending solutions provider loanDepot experienced a cyberattack in which the information of 16.6 million people was leaked, according to a Jan. 22 release from the company.  

“Unfortunately, we live in a world where these types of attacks are increasingly frequent and sophisticated, and our industry has not been spared,” loanDepot Chief Executive Frank Martell said in the release. 

Get ready for Bank Automation Summit U.S. 2024 in Nashville, Tenn., on March 18-19! Discover the latest advancements in AI and automation in banking. Register now.