BofA Confirms Third-Party Breach Bank Spokesman: Customer Data is Secure

Hacktivists are taking credit for a data breach impacting Bank of America - an incident the hackers claim allowed them to access employee and executive data stored through a third party.

See Also: Actionable Threat Intelligence: From Theory to Practice

"The data was retrieved from an Israeli server in Tel Aviv," says the hacktivist group Par:AnoIA, part of the Anonymous Intelligence Agency, in a release issued Feb. 27.

The group says it released 14 gigabytes of data, code and software related to BofA, Bloomberg, Thomson Reuters, TEKSystems and ClearForest.

ClearForest, a Thomson Reuters company based in Tel Aviv that provides business and data analytics, is the third-party service provider hacktivists claim was storing data on an open server.

"This incident shows how irresponsible companies handle the data," the hacktivist group says. "Even more alarmingly, the findings indicate that corporations like Bank of America are funding these operations."

The group says it released the data it retrieved on Pastebin and Twitter. "We release the received files in full to raise awareness to this issue and to send a signal to corporations and Governments that this is unacceptable," the hacktivists add.

Bank of America, in a March 5 response to BankInfoSecurity, confirms a third-party compromise is to blame for the data leak, although it does not identify the company that was breached.

"This company was working on a pilot program for monitoring publicly available information to identify information security threats," states BofA spokesman Mark Pipitone. "Bank of America systems were not compromised. Our customer data is secure."

Hacktivists say the data they accessed showed BofA and other companies had been collecting information about private citizens.

"We take seriously our role in protecting our customers, data and systems," BofA's Pipitone adds. "That includes our role in protecting customers from individuals and organizations working to disrupt our business."


About the Author

Tracy Kitten

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.





Around the Network