01 Mar 2013

Bank of America Pins Data Breach on IT Consultancy

After hacker group Anonymous Intelligence Agency: Par:AnoIA allegedly released 14 Gb of data belonging to the Bank of America and others, the bank said it was not breached and that a third-party was responsible.

IT consultancy company TEKsystems, in charge of identifying and monitoring security threats, was allegedly the source of the data leak, according to Bank of America’s statement.

"In this instance, a third-party company was compromised," said Bank of America. "This company was working on a pilot program for monitoring publicly available information to identify information security threats."

Par:AnoIA claims the data was collected from an unsecured server in Tel Aviv. Along with the data, source code access to text analyzing software, ClearForest, and a software module used by the Bank of America were collected. The Israeli company that developed ClearForest did not comment on the matter, but all information was made public by Par:AnoIA, via Twitter and PasteBin.

“Along with this data we also received a full version of ClearForest's text analyzing software OneCalais – the software was stored on the same server and as openly accessible as the data,” wrote Par:AnoIA. “Additionally we found source code that seems to be a specific version or module of the software for Bank of America (going by the naming convention). The code has not been analyzed so far but is open to anyone interested for assessment and analysis.”

Warning that the data should not have been stored on an Israeli server in the first place, the hacker group states this was a warning to corporations and governments.