BofA Confirms Third-Party Breach.
“The data was retrieved from an Israeli server in Tel Aviv,” says the hacktivist group Par:AnoIA, part of the Anonymous Intelligence Agency, in a release issued Feb. 27.
The group says it released 14 gigabytes of data, code and software related to BofA, Bloomberg, Thomson Reuters, TEKSystems and ClearForest.
ClearForest, a Thomson Reuters company based in Tel Aviv that provides business and data analytics, is the third-party service provider hacktivists claim was storing data on an open server.
“This incident shows how irresponsible companies handle the data,” the hacktivist group says. “Even more alarmingly, the findings indicate that corporations like Bank of America are funding these operations.”
The group says it released the data it retrieved on Pastebin and Twitter. “We release the received files in full to raise awareness to this issue and to send a signal to corporations and Governments that this is unacceptable,” the hacktivists add.
Bank of America, in a March 5 response to BankInfoSecurity, confirms a third-party compromise is to blame for the data leak, although it does not identify the company that was breached.
“This company was working on a pilot program for monitoring publicly available information to identify information security threats,” states BofA spokesman Mark Pipitone. “Bank of America systems were not compromised. Our customer data is secure.”
Hacktivists say the data they accessed showed BofA and other companies had been collecting information about private citizens.
“We take seriously our role in protecting our customers, data and systems,” BofA’s Pipitone adds. “That includes our role in protecting customers from individuals and organizations working to disrupt our business.”