Bank of America has disclosed a security incident in which some data belonging to Paycheck Protection Program (PPP) applicants was exposed to SBA-authorized lenders and their vendors.
The bank has been working with the US Treasury and Small Business Administration to process more than 305,000 PPP loan applications as part of a program intended to provide relief to small businesses. On April 22, client loan applications were uploaded to a "limited access, controlled" test application platform, Bank of America said in a letter to those affected.
While testing was underway, the bank learned application data may have been visible for a limited time frame to a limited number of other lenders and vendors authorized by the SBA. There is no indication that client data was viewed or misused by anyone who may have seen it, officials say, and the information was not visible to other PPP loan applicants or the public.
Data that may have been exposed includes business address and tax identification number, as well as other information about the applicant's company. It may have also exposed information belonging to the principal owner, such as name, address, Social Security number, phone number, email address, and citizenship.
Bank of America notes this does not affect the submission of PPP loan applications to the SBA.
Read more details here.