Cybersecurity, Supply Chain and BOA

Supply Chain Lesson

Charles Parker, II

Bank of America is massive with branches throughout most of the nation and other countries. Being

such a large operation, the bank could not reasonably maintain all aspects of their operations from a

central hub. The vast expanse of this would increase their FTEs significantly. This standard operating

procedure is used in most industries.

One area BoA uses this is with their service providers. Infosys McCamish Systems (IMS) was

compromised on or around November 3, 2023. The next day in the chronology was November 24 when

IMS notified BoA the data with their deferred compensation plans may have been compromised. This

included for the individuals their name, address, social security number, date of birth, and financial

information (account number, credit card number, etc.). For this compromise, approximately 57,028

clients were impacted. This ransomware attacked was claimed by LockBit.

This set of data is perfect to sell and be abused. With this the attackers or whomever purchases the data

has ample people to attack.

About the Author-

Charles Parker II has been working in the info sec field for over a decade, in the banking, medical, automotive, and staffing industries. Charles has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.