Bank of America notifies over 57,000 customers in a data breach that contains stolen customer data. While it may not be the largest of data breaches, it may impact your small business and employees. The bank started notifying affected customers on February 1, 2024 that their personally identifiable information (PII) was accessible as a result of the data breach. The PII being reported as possibly accessible is customer full names, social security numbers, addresses, email address, dates of birth, and any other provided account information. The customers impacted are those who have deferred compensation plans that are managed by Bank of America.

Third party strikes again

Infosys McCamish Systems (IMS) filed a notice with the United States Securities and Exchange Commission (SEC) on November 3, 2023 that certain applications and systems were no longer available. It has since been reported that Lockbit has claimed the ransomware attack on IMS. 

What a small business can do

If your small business utilizes Bank of America deferred compensation plans for your employees, it will be important to give a heads up to your employees of this data breach that may impact them. Chances are they have received the notice already if they are impacted. If you do not use this product by Bank of America, you can still inform your employees and tell them your business does not use Bank of America.

Third party attacks are hard to prepare for and sometimes there is nothing you can do. It is important to always do your due diligence and select a third party that takes cybersecurity serious. Sometimes, no matter what cybersecurity implemented a breach can occur.

What your employees can do

If impacted by this data breach here are a few things to do:

  • Monitor their credit reports
  • Monitor their account statements
  • Immediately report any unauthorized accounts
  • Immediately report any unauthorized changes to current accounts
  • Consider putting a freeze on new lines of credit
  • Consider utilizing a credit monitoring/ID theft protection service

Final thoughts

Third party data breaches are difficult. You may have done everything right with your cybersecurity and were diligent in selecting your third party vendors, but still fall victim to a cyberattack. Unfortunately third party breaches occur pretty regularly and there isn’t always a step you can take to prevent them. However, it is important to be aware of third party breaches as it may affect your small business.

To learn more about cybersecurity data breach response, threats, trends, and topics with a focus on small business, check out Small Business, Big Threat!