[BreachExchange] Bank of America reveals data breach in PPP application process

Destry Winant destry at riskbasedsecurity.com
Tue May 26 10:22:27 EDT 2020


https://www.bizjournals.com/charlotte/news/2020/05/26/bank-of-america-discloses-ppp-data-breach.html

Bank of America Corp. (NYSE: BAC) has revealed a possible data breach
on business clients' information for the Paycheck Protection Program.

The breach occurred on April 22, as BofA uploaded PPP applications
onto the U.S. Small Business Administration's test platform, according
to a filing with the California Attorney General's Office. The
limited-access platform allowed lenders to test PPP submissions before
the process began.

Charlotte-based BofA said application information may have been
visible to other SBA-authorized lenders and their vendors.

"There is no indication that your information was viewed or misused by
these lenders or their vendors. And your information was not visible
to other business clients applying for loans, or to the public, at any
time," BofA said.

Compromised information could include business details, such as an
address or tax identification number, or a business owner's
information, such as name, address, Social Security number, phone
number, email and citizenship status.

The bank said the data breach did not affect the applications'
submission to the SBA. It asked the SBA to remove the visible
information that same day, according to the filing.

BofA said it also conducted internal investigations. It is offering a
free two-year membership for Experian identify theft protection, which
includes daily credit monitoring and surveillance.

It did not say how many customers were affected.

Clients should monitor their accounts for the next one to two years,
BofA said. The bank offers more safety tips at
www.bankofamerica.com/privacy.

"Keeping your information confidential is one of our most important
responsibilities. We are notifying you so we may work together to
protect your personal and business information," BofA said in the
filing.

The SBA's PPP launched on April 3 as a forgivable loan program to help
businesses struggling amid the Covid-19 pandemic. Congress has set
aside nearly $660 billion for the program, including a second round
that began on April 27. The SBA has so far approved more than 4.4
million loans totaling $511.2 billion. There are more than 5,500
participating lenders.


Federal agency set to lay off nearly 1,000 KC-area workers

BofA said it has processed more than 305,000 PPP loans exceeding $25
billion. It was the first large lender to launch its online PPP
portal.

As of May 18, BofA had funded about 8,300 PPP loans totaling $556
million for North Carolina business owners. That's out of 8,700 loan
approvals. BofA had provided Charlotte-area businesses with more than
$273 million in PPP relief. Average loan size in Charlotte is about
$67,000.

Customers with questions or concerns are asked to contact BofA's
privacy response unit at 1-800-252-2867. Customers can also call
1-800-432-1000 if they spot unauthorized activity on their accounts.


More information about the BreachExchange mailing list