BofA Confirms Third-Party Breach

Bank Spokesman: Customer Data is Secure
BofA Confirms Third-Party Breach

Hacktivists are taking credit for a data breach impacting Bank of America - an incident the hackers claim allowed them to access employee and executive data stored through a third party.

See Also: AI and ML: Ushering in a new era of network and security

"The data was retrieved from an Israeli server in Tel Aviv," says the hacktivist group Par:AnoIA, part of the Anonymous Intelligence Agency, in a release issued Feb. 27.

The group says it released 14 gigabytes of data, code and software related to BofA, Bloomberg, Thomson Reuters, TEKSystems and ClearForest.

ClearForest, a Thomson Reuters company based in Tel Aviv that provides business and data analytics, is the third-party service provider hacktivists claim was storing data on an open server.

"This incident shows how irresponsible companies handle the data," the hacktivist group says. "Even more alarmingly, the findings indicate that corporations like Bank of America are funding these operations."

The group says it released the data it retrieved on Pastebin and Twitter. "We release the received files in full to raise awareness to this issue and to send a signal to corporations and Governments that this is unacceptable," the hacktivists add.

Bank of America, in a March 5 response to BankInfoSecurity, confirms a third-party compromise is to blame for the data leak, although it does not identify the company that was breached.

"This company was working on a pilot program for monitoring publicly available information to identify information security threats," states BofA spokesman Mark Pipitone. "Bank of America systems were not compromised. Our customer data is secure."

Hacktivists say the data they accessed showed BofA and other companies had been collecting information about private citizens.

"We take seriously our role in protecting our customers, data and systems," BofA's Pipitone adds. "That includes our role in protecting customers from individuals and organizations working to disrupt our business."


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.