Key Points
- A data breach at Infosys McCamish, a financial software provider, compromised the personal information of 57,028 deferred compensation customers serviced by Bank of America.
- Bank of America provided affected customers with two-year identity theft protection.
- Regulators emphasize banks' responsibility in managing cybersecurity risks posed by third-party vendors.
A data breach at Infosys McCamish, a financial software provider, compromised the personal information of 57,028 deferred compensation customers whose accounts were serviced by Bank of America. The breach, attributed to the ransomware group LockBit, exposed sensitive data including names, addresses, dates of birth, and Social Security numbers.
Bank of America took swift action, offering standard two-year identity theft protection to the affected customers. However, delays in notifying customers about the breach have raised concerns, as regulations in many states require prompt notification following the discovery of a data breach.
While Infosys McCamish's systems were the target of the breach, responsibility for cybersecurity incidents involving third-party vendors remains a contentious issue. Regulators, including the Federal Reserve, stress the importance of banks managing third-party risks effectively, particularly in light of the growing reliance on external service providers.
Despite efforts by banks to mitigate cybersecurity risks associated with third parties, gaps in managing these risks persist. The Office of Inspector General for the FDIC has previously highlighted shortcomings in banks' contracts with technology service providers, emphasizing the need for clearer responsibilities and contract provisions to protect banks' interests.