Warning: Bank of America Giving Access to Random Accounts

Posted on Sep 24, 2012 by rasengan

Today, we received an invoice for one of our expenses. To send the payment, I logged into Bank of America’s website to use their ACH (Automated Clearing House) system.  Once logged in, I was able to click on the ‘Transfers’ button.  Up until this point, everything was fine and I was viewing my own account.  However, after entering the transfer interface, I ran into a huge privacy issue that should have never occurred in an online banking session:  I was looking at someone else’s name, bank accounts, balances, e-mail address and more.

I have attached screenshots (with some information redacted) and have also e-mailed the bank reporting the issue.  I am definitely not WATSON, and these are not my bank account numbers or bank account balances.  It’s possible* that had I gone through with this payment it would have come out of WATSON’s account and not mine.

Logging out and logging back in seemed to fix the issue and I haven’t been able to reproduce it since its first occurrence.

BofA Communication

BofA Transfer

Here is the letter to which we have not yet received a response:

BofA Email

[Awaiting Response.]

This is a serious privacy issue that needs to be addressed.  If I can see someone else’s information, doesn’t that mean someone can see yours or mine?

Llama Stare

* Some readers pointed out that it is possible but not clear and the text has been updated for this purpose.

VPN Service

Comments are closed.

17 Comments

  1. muckraker007

    avoid BofA and other large banks like the plague. They outsource all their call centers and software development to 3rd world countries. Not really the place I want to trust my money with. Join your local credit union. Much better service, I can email my personal banker….how’s that for customer service.

    8 years ago
  2. sarah stein

    Bank of America is always getting hacked, you were probably given the account for laughs.

    8 years ago
  3. Matthew A Cox

    A few weeks ago I called BoA, put in my account number and was soon redirected and talking to a representative about someone else’s mortgage account. I don’t even have a mortgage with BoA

    8 years ago
  4. Tariq Biziou

    Curious where you were connecting from? Any possibility of a proxy between you and BofA?

    8 years ago
  5. Sridhar

    I had this happen to me yesterday, too. Took the same screen shots. Glad you wrote to them. Hope they fix it!

    8 years ago