The Data Breach Impacts Paycheck Protection Program Applications Processing, claims the Bank of America.
The Charlotte-based Bank of America Corporation (BAC) confirmed data breach targeting its Small Business Administration (SBA) test platform and impacting the information submitted by the bank’s business clients for its Paycheck Protection Program (PPP).
This program was launched on April 3, 2020; it is a forgivable loan program offered primarily to help businesses deal with the adverse consequences of the Coronavirus-led lockdown and economic crisis.
The personal and business information of BAC customers including details like business details like tax identification number or business address, customer’s name, address, phone number, email ID, citizenship status, and Social Security Number could be affected.
The filing [PDF] with the California Attorney General’s Office revealed that the data breach occurred on April 22, 2020, the same day when the BAC uploaded customer details for the PPP on the US SBA test platform.
The platform was developed to allow lenders to test the PPP submissions before proceeding to the next stage of application processing.
BAC claims that the information could possibly be visible to other SBA-authorized lenders and affiliated vendors. However, there is currently no such indication that the information was accessed or abused by these lenders or their vendors.
Please promptly review your credit reports and account statements over the next 12 to 24 months and notify us of any unauthorized transactions or incidents of suspected identity theft related to your accounts with the Bank, BAC said in a statement.
The bank has clarified that the data couldn’t be accessed publicly or by its other business customers applying for loans.
The bank further revealed that customers in multiple US states are most likely affected by this data breach but the number of clients is relatively small and the applications’ submissions to the SBA weren’t affected either.
It is worth noting that over 305,000 PPP relief applications were processed with the SBA so far and the bank has requested the SBA for removal of visible information.
Internal investigations are underway and the bank has decided to offer two-year membership for Experian identity theft protection (including daily credit monitoring) for free to the affected customers.