Bank of America Customers Were Compromised by a Third-Party Vendor in Major Breach

A major breach involving Bank of America customers has come to light, and it's a wake-up call for anyone who uses online banking services. The breach was caused by a third-party vendor.

The vendor, who has not been named, was responsible for processing payments for Bank of America customers. This vendor was compromised, allowing hackers to access sensitive customer information.

The breach was significant, affecting over 20 million Bank of America customers.

Implementing code review policies is crucial to prevent similar breaches. Code review policies ensure that any code pushed live is thoroughly examined by a quality control officer before deployment.

Monitoring for data leaks is also vital to protect customer data. A data leak detection solution can detect and shut down internal or third-party data leaks before they're discovered by cybercriminals.

In the event of a data breach, it's essential to learn from the experience. By implementing code review policies and monitoring for data leaks, Bank of America can minimize the risk of future breaches.

Here are some key takeaways from the breach:

Cybercriminals often target financial institutions because they store valuable data and are undergoing digital transformation, creating more opportunities for attackers to access that data.

Financial institutions are disproportionately targeted by cybercriminals, behind healthcare.

The financial sector is a prime target for cybercriminals due to the valuable data it holds and the opportunities created by digital transformation.

Implementing a data protection solution specific to financial services can help mitigate data breaches.

Learning from the mistakes of others is a crucial step in preventing data breaches.

Here are some key takeaways from the First American Financial Corp breach:

Third-party risks have become a major concern, especially in the wake of the MOVEit vulnerability in 2023, which affected 2611 organizations and 85.1 to 89.9 million individuals.

The vulnerability was exploited by cybercriminals, who used it to pivot from one company to the next, compromising hundreds of organizations' networks. This demonstrates the devastating impact of supply chain breaches.

According to SecurityScorecard, 90% of the world's top energy companies suffered a data breach because of third parties.

Lockbit has been interested in exploiting the Citrix Bleed vulnerability, which highlights the importance of ensuring that policies and procedures exist related to the protection of any data being shared.

Organizations should consider how they share information with third parties and how their data is connected. This includes making sure that contracts define what information is being processed and how long it's been retained.

The following key mistakes can lead to data breaches with third-party vendors:

It's essential to ensure the trust chain between organizations, as third-party breaches continue to plague organizations.

Bank of America customers were recently compromised by a third-party vendor, highlighting the ongoing threat of cyberattacks in the financial sector.

IMS, a company that provides services for deferred compensation plans, notified Bank of America about a data breach on November 24.

The LockBit ransomware group claimed responsibility for the attack on November 4, stating that over 2,000 systems were encrypted.

Bank of America customers were also affected by a breach involving another third-party vendor, NCB Management Services, last February, exposing the credit card information of nearly 500,000 customers.

Cyberattacks on financial institutions have become a common occurrence, prompting regulators to require banks to report incidents within 36 hours if they could disrupt business or the stability of the financial sector.

The Federal Trade Commission has also set a 30-day deadline for nonbanking financial institutions to report data breaches and other cybersecurity-related events if they affect at least 500 consumers.

Third-party breaches continue to plague organizations, making it essential to ensure the trust chain between organizations to protect consumers' private information, as noted by Ray Kelly, a fellow at Synopsys Software Integrity Group.