Cybersecurity and the Supply Chain

Supply Chain Lesson #587

By Charles Parker, II

Bank of America is massive with branches throughout most of the nation and other countries. Being such a large operation, the bank could not reasonably maintain all aspects of their operations from a central hub. The vast expanse of this would increase their FTEs significantly. This standard operating procedure is used in most industries.

One area BoA uses this is with their service providers. Infosys McCamish Systems (IMS) was compromised on or around November 3, 2023. The next day in the chronology was November 24 when IMS notified BoA the data with their deferred compensation plans may have been compromised. This included for the individuals their name, address, social security number, date of birth, and financial information (account number, credit card number, etc.). For this compromise, approximately 57,028 clients were impacted. This ransomware attack was claimed by LockBit.

This set of data is perfect to sell and be abused. With this the attackers or whomever purchases the data has ample people to attack.

About the author-

Charles Parker II has been working in the info sec field for over a decade, in the banking, medical, automotive, and staffing industries. Charles has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.