Bank of America

The Maine Office of the Attorney General disclosed a **data breach** affecting **Bank of America**, detected on **October 1, 2024**, and reported on **January 3, 2025**. The incident involved **unauthorized access** to sensitive personal information, compromising **414 individuals**, including at least one Maine resident. While the exact nature of the exposed data was not fully detailed, the breach was severe enough to warrant **24 months of free identity theft protection services via Experian**, suggesting the exposure of personally identifiable information (PII) that could facilitate fraud or identity theft. The breach highlights vulnerabilities in Bank of America’s data security measures, raising concerns over potential financial fraud, reputational damage, and regulatory scrutiny. Although the scale (414 individuals) is relatively contained compared to mass breaches, the provision of long-term identity protection indicates a high-risk exposure—likely involving **financial or identity-related data** (e.g., Social Security numbers, account details, or addresses). The incident underscores the persistent threat of cyber intrusions targeting financial institutions, where even limited breaches can have cascading consequences for affected individuals, including phishing attacks, unauthorized transactions, or credit fraud.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/582166f7-27cd-44a1-8259-4ef444dafdf1.html

TPRM report: https://www.rankiteo.com/company/bank-of-america

"id": "ban030091825",
"linkid": "bank-of-america",
"type": "Breach",
"date": "10/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 414,
                        'industry': 'Banking/Financial Services',
                        'location': 'United States',
                        'name': 'Bank of America',
                        'type': 'Financial Institution'}],
 'customer_advisories': ['Identity theft protection services (24 months via '
                         'Experian) offered to affected individuals'],
 'data_breach': {'number_of_records_exposed': 414,
                 'personally_identifiable_information': True},
 'date_detected': '2024-10-01',
 'date_publicly_disclosed': '2025-01-03',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving Bank of America. The breach occurred on '
                'October 1, 2024, affecting 414 individuals, including 1 '
                'resident of Maine. Unauthorized access was detected, and '
                'identity theft protection services (24 months via Experian) '
                'were offered to affected individuals.',
 'impact': {'data_compromised': True, 'identity_theft_risk': True},
 'references': [{'date_accessed': '2025-01-03',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'third_party_assistance': ['Experian (Identity Theft '
                                         'Protection)']},
 'title': 'Bank of America Data Breach (2024)',
 'type': 'Data Breach'}