Hackers Leak Bank of America Database of 4 Million Customers

Miklos Zoltan

By Miklos Zoltan . 3 March 2023

Founder - Privacy Affairs

Hackers have released a database that allegedly contains account details of over 4 million Bank of America customers. The leaked data contains sensitive information such as account balances and card CVV codes.

Highlights

  • Hackers released a database allegedly containing sensitive information on 4 million Bank of America customers
  • Data includes user ID, first name, account balance, card expiry date, and card CVV code
  • No email or phone numbers leaked
  • Authenticity of the alleged leak cannot be confirmed

On March 2, on a popular hacker forum, cybercriminals published a database allegedly from Bank of America that contains information on 4 million customer accounts.

The hackers claimed that the database was obtained in January 2023 but have not revealed further information regarding the origin of the breach or how they managed to get their hands on the data.

They claim that the breach affects over 4 million customers and contains account information such as:

  • User ID
  • First name
  • Bank account balance
  • Card expiration date
  • Account type
  • Card CVV code

The database was uploaded on a popular hacker forum for anyone to download for free. We have analyzed the allegedly leaked data, and it does indeed seem to contain what it’s claimed by the hackers.

Bank of America Data Breach

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Authenticity of the leak cannot be determined

However, we cannot determine the authenticity of the data and the leak, as the data contains no email addresses or phone numbers. While this prevents us – or anyone else – from authenticating the leak, it’s good news for potentially affected users, as without this data, the leak the rather “useless” for cybercriminals.

However, and provided the breach and leak is legitimate, it’s not unlikely that the hackers simply opted not to release the more sensitive part of the data. They may decide to sell the complete database at a later date.

While revealing bank account balances, card expiration dates, and CVV codes are extremely serious, this information can still not be associated with any individual person or card.

The data only contains first names, fortunately making it impossible to determine the account holder’s identity.

Card expiry dates and CVV numbers on their own are – again, fortunately – also useless without the complete card number and the account holder’s full name.

As such, while this alleged leak does seem extremely serious, it may, fortunately, turn out to be “harmless” (relatively speaking) and is unlikely to affect account holders in any way.

Of course, this is provided in case there is no more data that simply wasn’t released by the hackers at this time.

As explained initially, it’s impossible to determine the authenticity of this alleged leak, as it’s impossible to reach out to the allegedly affected individuals.

We will update this story as more information emerges.

Privacy Affairs

Leave a Comment