Industry Updates

New Data Breach Affected Some Bank Of America Loan Applicants

If you’re like many business owners, you may have recently applied for a loan through the Paycheck Protection Program (PPP) which was one of the COVID-19 relief funds established by the Federal government in response to the global pandemic.

If you applied for that loan through Bank of America, be advised that the company recently disclosed a security incident that impacted its online platform for processing those loan requests. The company says that it is possible that other lenders or organizations may have temporarily had access to significant portions of your application data.

The breached data included, but was not limited to:

  • Your business’ name and physical address
  • Designated company contact officials
  • Your firm’s Tax Identification Number
  • The name of the company owner
  • The Social Security Number of the company owner, as well as the owner’s email address, phone number and citizenship

Based on the initial findings of an investigation into the matter, Bank of America says that an SBA test server was at the root of the problem.

Per a company spokesman, “…this platform was designed to allow authorized lenders to test the process for submitting PPP applications to the SBA prior to the actual submission process.”

The company’s official words on the matter makes the issue seem rather insignificant, but there’s more. Some business owners have reported that when they logged back into the system to check the status of their loan application, they could see the details of other loan applicants in their dashboard. That means that potentially, many more people than just ‘authorized lenders’ may have seen the details of your loan application.

The investigation is still ongoing, and so far, Bank of America has declined to comment on the growing number of reports described above, or offered any additional information. If you submitted your application to the PPP loan program by way of Bank of America, just be advised that for a brief period of time, others may have gained access to your application details, and that the problem that caused it has now been solved.