Hackers Leak Bank of America Database of 4 Million Customers

Miklos Zoltan

By Miklos Zoltan . 3 March 2023

Founder - Privacy Affairs

10 Comments

Hackers have released a database that allegedly contains account details of over 4 million Bank of America customers. The leaked data contains sensitive information such as account balances and card CVV codes.

Highlights

  • Hackers released a database allegedly containing sensitive information on 4 million Bank of America customers
  • Data includes user ID, first name, account balance, card expiry date, and card CVV code
  • No email or phone numbers leaked
  • Authenticity of the alleged leak cannot be confirmed

On March 2, on a popular hacker forum, cybercriminals published a database allegedly from Bank of America that contains information on 4 million customer accounts.

The hackers claimed that the database was obtained in January 2023 but have not revealed further information regarding the origin of the breach or how they managed to get their hands on the data.

They claim that the breach affects over 4 million customers and contains account information such as:

  • User ID
  • First name
  • Bank account balance
  • Card expiration date
  • Account type
  • Card CVV code

The database was uploaded on a popular hacker forum for anyone to download for free. We have analyzed the allegedly leaked data, and it does indeed seem to contain what it’s claimed by the hackers.

Bank of America Data Breach

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Authenticity of the leak cannot be determined

However, we cannot determine the authenticity of the data and the leak, as the data contains no email addresses or phone numbers. While this prevents us – or anyone else – from authenticating the leak, it’s good news for potentially affected users, as without this data, the leak the rather “useless” for cybercriminals.

However, and provided the breach and leak is legitimate, it’s not unlikely that the hackers simply opted not to release the more sensitive part of the data. They may decide to sell the complete database at a later date.

While revealing bank account balances, card expiration dates, and CVV codes are extremely serious, this information can still not be associated with any individual person or card.

The data only contains first names, fortunately making it impossible to determine the account holder’s identity.

Card expiry dates and CVV numbers on their own are – again, fortunately – also useless without the complete card number and the account holder’s full name.

As such, while this alleged leak does seem extremely serious, it may, fortunately, turn out to be “harmless” (relatively speaking) and is unlikely to affect account holders in any way.

Of course, this is provided in case there is no more data that simply wasn’t released by the hackers at this time.

As explained initially, it’s impossible to determine the authenticity of this alleged leak, as it’s impossible to reach out to the allegedly affected individuals.

We will update this story as more information emerges.

Privacy Affairs

Miklos Zoltan
Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Miklos Zoltan
  • Connect with the author:

10 Comments

  • 13inches

    May 13, 2023 9:11 am

    I have a BOA credit card I haven’t used in over two years. Since I never use this credit card, I felt no need to log in to the BOA bank website to check my credit card balance because I knew the balance was zero. Yesterday I received a voice mail from the BOA fraud department informing me of suspicious activity on my BOA account. Somehow thieves had gotten my user name and password and had logged into my BOA account and the idiots at BOA allowed the thieves to raise the credit limits on my card. Then the thieves attempted to buy $9,000 worth of equipment online using my BOA card. The BOA fraud department blocked the $9,000 purchase – so thus far I have lost no money – but this data breach is much more serious than this article indicates. The thieves have user names and passwords at BOA – and can log in to BOA accounts and raise credit limits and change e-mail addresses to addresses they control. BOA should contact all 4 million accounts that have been hacked, but it seems BOA is trying to sweep the whole breech under the rug. The fraud agent was intimating the hack could have occurred on my computer – which was next to impossible because I haven’t used the BOA card or even logged into BOA for two years. BOA is supposed to be a bank and banks are supposed to have excellent security systems in place – but BOA seems to not want to spend the money necessary to achieve the highest levels of internet security.

  • Jacqueline Williams

    May 10, 2023 5:32 pm

    My husband and I both banked with BOA for over 20 years however now are with a credit union. Thanks to LifeLock by husband just found out that someone tried to open a savings and checking account with his information at BOA so they have his social security information that they got from Bank of America breach. Thanks BOA now all his information is out there!

  • randy moss

    April 21, 2023 9:01 pm

    I got hacked and they ran my card to the limit,,,,now all the things, memberships,,,bills,,,etc… i had tied to those accounts are getting shut down .

  • Anonymous

    April 20, 2023 4:01 pm

    “Authenticity of the leak cannot be determined”! Yes, it’s real. I just got hacked for the 4th or 5th time in the last 12 months! There’s something seriously wrong with BOAs security. I’ve dealt with BOA for 20 years but may have to stop using their cards. It’s a pain ITA waiting for a new card, then changing all the merchant info. Meanwhile, I get dunned for non-payment on auto pay accounts!

  • Anonymous

    April 7, 2023 8:37 pm

    Yes I believe it, I was also affected

  • Victimoffraud

    April 1, 2023 12:34 am

    Last names, social security numbers, phone numbers, credit card numbers tied to the CVVs and expiration dates, account numbers, as well as everything else mentioned in the article have been released. They are posing as Bank of America fraud department and know exactly what to say. It is as though they have access to the accepted dialogue that the actual fraud department uses. It was as though I was actually talking to Bank of America. This was so intricate that it felt like an inside job. I reached out to the FBI.

    • Dirk Rockland

      July 10, 2023 10:18 pm

      Never reply to a link, phone number, etc. sent about an alert – they are provided by the scammers. Go DIRECTLY to the bank’s website, log in, and use only the phone numbers they officially provide.

  • Anonymous

    March 29, 2023 7:30 am

    My accounts were compromised. I am charged with recurring payments fir medical insurance, internet services and gasoline services. That is every month since January. They do have all my info, enough to use it for recurring charges. They took my hard earned money from sleepless nights working on covid crisis that I risked my life with.

    • Bob

      July 10, 2023 10:21 pm

      …and why haven’t you called your bank and let them know? You’re not responsible for fraudulent charges, but you also have to be proactive, let them know, and get the account closed. Use only phone numbers and contact information directly from the bank’s website. Any email or text even if it looks legitimate may be suspect.

  • Anonymous

    March 28, 2023 2:54 am

    There is more information out there that was hacked. ATM bank cards are being used to purchase items as I type now. Trust me!

Leave a Comment