[email protected]

Logo

Second biggest bank in US hit by major data breach stealing social security numbers and other personal info

Second biggest bank in US hit by major data breach stealing social security numbers and other personal info
By: dailymail Posted On: March 10, 2025 View: 51

By CHRIS MELORE, ASSISTANT SCIENCE EDITOR FOR DAILYMAIL.COM

Published: | Updated:

One of America's biggest banks has suffered a security blunder, exposing the social security numbers and other private information of an unknown number of customers.

Bank of America has informed clients that their names, account details, addresses, contact information, date of birth, social security numbers, and other government IDs were all exposed when documents were left outside in an unsealed container. 

Bank of America said a third-party 'data destruction vendor' was to blame for the breach.

According to bank officials, this company was hired to pick up documents from an unnamed financial center on December 30, 2024 and take them to be shredded for security purposes.

'Some documents were found outside of the secure containers on the exterior of the financial center,' the bank said in a statement. 

Bank of America still hasn't revealed how many customers have been affected by the breach. As of January, Bank of America was providing financial services for 69 million US consumers and small businesses. 

In a statement to potential victims, the bank noted that customers could contact their state Attorney General for more information about avoiding identity theft - a list that included Massachusetts, New York, Washington DC, and Oregon.

At least 2 Bank of America customers have already been affected by the data breach, after their documents were left outside a financial center on December 30, 2024

The banking giant handles $4.2 trillion in client balances across their entire wealth management operations.

This isn't the only data blunder in recent months for Bank of America - part of the 'big four' US banks along with JPMorgan Chase, Wells Fargo, and Citibank.

In January, Bank of America revealed that a third-party software company allowed someone to gain access to the private information of at least 414 banking customers.

That hack took place in October 2024 and reportedly affected mortgage loan customers in Maine, exposing their social security numbers, addresses, phone numbers, passport numbers, and loan numbers.

Following the latest breach, Bank of America sent a letter to each of the customers they believe were exposed by the data destruction vendor, promising to minimize the financial impact to their accounts.

'The vendor cannot confirm if your documents were directly involved or affected,' the letter reads.

'They may have been, and as a result, we are reaching out to notify you in an abundance of caution and support.'

Bank of America stated it is monitoring accounts and will notify clients if it notices suspicious activity.

Bank of America warned that anyone contacted about this breach may have had their name, account numbers, addresses, contact information, date of birth, social security number, and other government IDs exposed to thieves

The bank offered two years of free identity theft protection services, provided by Experian - one of the three major credit bureaus that compile credit reports.

Along with free identity theft services, Bank of America advised anyone receiving a letter about this breach to take several steps to safeguard their own security.

Those tips included checking for signs of fraud on banking statements and credit reports for the next two years, updating your contact information with the bank so they can alert you of any suspicious activity, and updating all account passwords to be at least eight characters long.

Bank of America officials added that choosing to use multifactor authentication (MFA) can also enhance your safety. This security method sends you a private code to your personal devices or accounts (like your smartphone or email) which you need to enter before logging into your online bank accounts.

Bank of America hasn't been the only member of the 'big four' banks to get sloppy with customer data, although most of the incidents have taken place online.

In June 2024, Citigroup announced that an unspecified number of customers had their credit card data hacked. The bank had already received a $136 million fine from US regulators in 2020 for failing to fix data management issues.

In February 2024, JPMorgan Chase revealed that they were hit by a data breach that exposed the personal financial information of over 450,000 customers' retirement plans.

The breached reportedly stemmed from a software flaw that allowed cyber thieves access to the data. Chase customers using direct deposit were particularly affected as their bank routing and account numbers were exposed in the incident.

In 2016, Wells Fargo employees, under pressure to meet aggressive sales targets, opened millions of unauthorized bank and credit card accounts without customers' consent.

The bank was order to pay $3 billion in fines as a result of the Department of Justice's investigation into the misuse of customer records. 

Read this on dailymail
  Latest News
  Popular News
  Featured News
No news
  Contact Us
  Follow Us
Site Map
Get Site Map
  About

Read the latest local and international news from trusted sources in one place.