Rewterz Threat Alert – Bank of America’s Customer Data Breached After Vendor Hit by LockBit Ransomware

Severity

HIGH

Analysis Summary

Bank of America has recently issued a warning to its customers of a data breach that exposed their personal information after one of its service providers got attacked by the LockBit ransomware gang last year in November.

The customers’ personally identifiable information (PII) that was exposed in the data breach includes names, addresses, dates of birth, social security numbers, and financial information like credit cards and account numbers. Bank of America has not disclosed yet how many customers were impacted by the security breach, however, the vendor named Infosys McCamish Systems (IMS) that had its systems infected revealed that about 57,028 individuals had their data exposed in the incident.

IMS’s parent company, Infosys, is a multinational IT company with more than 300,000 employees and customers in over 56 countries. Meanwhile, Bank of America serves almost 69 million customers at more than 3,800 retail financial centers and about 15,000 ATMs within the United States as well as over 35 countries.

On November 3, 2023, IMS was hit by a cybersecurity incident after an unauthorized threat actor compromised its systems and gained access, which resulted in certain IMS applications being unavailable for some time. Later, on November 24, 2023, Bank of America was informed by IMS about the incident and that the data related to compensation plans serviced by the bank may have been accessed. It is to be noted that Bank of America’s systems were not compromised, so it is unlikely to be able to determine with certainty what personal information was compromised during this incident at IMS.

The LockBit ransomware gang claimed responsibility for the IMS breach on November 4^th and said that its operators were able to encrypt more than 2,000 systems during the security breach. The LockBit ransomware-as-a-service (RaaS) operation was first started in September 2019 and has targeted various high-profile organizations since, some of the most prominent ones being the Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland. The ransomware actors have a dark website where they list successfully breached victims’ information and the ransom amount they demand, which is exactly what they did with Infosys.

In June, cybersecurity authorities in the United States released a joint advisory that estimated the amount of ransom extorted by the LockBit ransomware gang which totaled up to around $91 million from just the U.S. organizations alone after carrying out roughly 1,700 attacks since 2020.

Impact

• Financial Loss
• Unauthorized Access
• Exposure to Sensitive Data
• File Encryption

Remediation

• Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
• Emails from unknown senders should always be treated with caution.
• Never trust or open links and attachments received from unknown sources/senders.
• Keep your software up to date. Software updates often include security patches that can help to protect your systems from known vulnerabilities.
• Use strong passwords and multi-factor authentication. This will make it more difficult for attackers to gain access to your systems.
• Back up your data regularly. This will help you to recover if your systems are encrypted by ransomware.
• Deploy robust endpoint security solutions, including antivirus, anti-malware, and intrusion detection systems, to detect and prevent threats like LockBit ransomware.
• Immediately disconnect or isolate the compromised systems from the network to prevent the malware from spreading further. This may involve shutting down affected servers or segments of the network.
• Conduct a thorough investigation to determine the extent of the breach, including identifying which systems and data were compromised.
• Develop a long-term cybersecurity strategy to prevent future incidents, including investing in advanced threat detection and response capabilities.