Bank of America has acknowledged that the personal information of 57,028 of its customers has been compromised. This breach, attributed to a failure at Infosys McCamish Systems (IMS), a provider of insurance business process solutions engaged by the bank, poses a substantial risk of identity theft to the affected individuals.
The breach
The data breach notification, filed in Maine, reveals that sensitive information related to Bank of America’s deferred compensation plans was inadvertently accessed. IMS, in a notification letter to customers, disclosed that the compromised data encompasses a range of critical personal details. The accessed information includes customers’ names, addresses, business email addresses, dates of birth, Social Security numbers, and other account specifics. Such data is typically all required for an identity thief to execute fraudulent activities under another person’s name.
IMS’s admission that it might never be able to precisely identify what information was accessed underscores the severity and potential long-term consequences of the breach. This uncertainty adds an additional layer of anxiety for customers, highlighting the challenges in mitigating the aftermath of such security failures.
Response and recommendations
In response to this significant breach, IMS has proactively offered the victims a two-year complimentary identity theft protection program through Experian. This service, Experian IdentityWorksSM, aims to provide a safeguard for the affected customers by offering daily monitoring of credit reports from the three national credit reporting companies, internet surveillance, and assistance in the resolution of identity theft issues. It is imperative for customers to enroll themselves in this program to activate the benefits, as the service will not automatically renew post the complimentary period.
Furthermore, IMS has advised Bank of America customers to reset their passwords and to vigilantly monitor their accounts for any unusual or suspicious activity. This advice is part of a broader set of recommendations aimed at mitigating the risk of identity fraud following such data breaches. By taking these steps, customers can play an active role in protecting their financial and personal information from further misuse.
