Bank of America website exposes customer accounts, data

Bank of America's account websites are experiencing an unprecedented online security breach and the bank hasn't fully rectified the problem. That's right, your online financial data and full account access may be in the hands of someone else.

I know this has nothing to do with cars, but I thought it was important enough to write up anyway because I'm sure many Jalopnik readers have money with Bank of America.


Someone very close to me called moments ago and told me that when she logged into her Bank of America account earlier this evening she saw, rather than her credit card account, the mortgage and home equity account of someone else. That's right, Bank of America was showing her, instead of her own credit card account, the accounts for a Bank of America account holder in Randolph, NJ. The only similarity between the two? The same last name.

I've added these screenshots, sanitized to remove contacts and names, as proof. As you can see, full access to this other client's account has been provided by Bank of America's own website. God only knows what's happened to my source's account — or who has access to it. It might be the person who they currently have access to. It might be someone else entirely. That's sort of what's so scary about this.


The person I spoke with immediately called Bank of America and was told that although they knew of the problem, they didn't yet know what was causing it, and despite having known about it for over half an hour, they had not shut down online access. One hour later, my source tells me she still has access to the other party's account information.


So, if you have a Bank of America account, make sure to check your accounts — and call the customer service number immediately if you're seeing a problem and urge them to shut down their website immediately.

UPDATE: It appears as though Bank of America, over an hour after discovering the security flaw, has finally shut down online access to at least one affected account. No word on whether they've shut it down for everyone. Is anyone else able to confirm?


UPDATE 2: Other account holders are telling us in the comments that they've had online access shut down too.

UPDATE 3: The original source for my story received a call from the CEO's office about the breach. They haven't yet fixed the problem but she was told BofA has shut down access to affected accounts. They declined to say how many were shut down.


UPDATE 4: Bank of America tells us over Twitter, "Online Banking is up and running, customer information is secure." No further details.

