Bank of America Security Incident Affects PPP Applicants
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.
Bank of America has disclosed a security incident in which some data belonging to Paycheck Protection Program (PPP) applicants was exposed to SBA-authorized lenders and their vendors.
The bank has been working with the US Treasury and Small Business Administration to process more than 305,000 PPP loan applications as part of a program intended to provide relief to small businesses. On April 22, client loan applications were uploaded to a "limited access, controlled" test application platform, Bank of America said in a letter to those affected.
While testing was underway, the bank learned application data may have been visible for a limited time frame to a limited number of other lenders and vendors authorized by the SBA. There is no indication that client data was viewed or misused by anyone who may have seen it, officials say, and the information was not visible to other PPP loan applicants or the public.
Data that may have been exposed includes business address and tax identification number, as well as other information about the applicant's company. It may have also exposed information belonging to the principal owner, such as name, address, Social Security number, phone number, email address, and citizenship.
Bank of America notes this does not affect the submission of PPP loan applications to the SBA.
Read more details here.
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024