If you're like many business owners, you may have recently applied for a loan through the Paycheck Protection Program (PPP) which was one of the COVID-19 relief funds established by the Federal government in response to the global pandemic.
If you applied for that loan through Bank of America, be advised that the company recently disclosed a security incident that impacted its online platform for processing those loan requests. The company says that it is possible that other lenders or organizations may have temporarily had access to significant portions of your application data.
The breached data included, but was not limited to:
- Your business' name and physical address
- Designated company contact officials
- Your firm's Tax Identification Number
- The name of the company owner
- The Social Security Number of the company owner, as well as the owner's email address, phone number and citizenship
Based on the initial findings of an investigation into the matter, Bank of America says that an SBA test server was at the root of the problem.
Per a company spokesman, "...this platform was designed to allow authorized lenders to test the process for submitting PPP applications to the SBA prior to the actual submission process."
The company's official words on the matter makes the issue seem rather insignificant, but there's more. Some business owners have reported that when they logged back into the system to check the status of their loan application, they could see the details of other loan applicants in their dashboard. That means that potentially, many more people than just 'authorized lenders' may have seen the details of your loan application.
The investigation is still ongoing, and so far, Bank of America has declined to comment on the growing number of reports described above, or offered any additional information. If you submitted your application to the PPP loan program by way of Bank of America, just be advised that for a brief period of time, others may have gained access to your application details, and that the problem that caused it has now been solved.
About the Author
Marty Parker
Owner & General Manager
Marty is the Owner and General Manager of Heritage Digital. Marty has managed and built high-performing IT teams for over 30 years. He served 13 years in the manufacturing industry and 13 years in corporate-owned healthcare organizations. Before acquiring Heritage Digital, Marty was the Chief Information Officer of Carolinas Hospital System (now MUSC Health Florence Medical Center) in Florence, SC. Marty is passionate about educating and protecting people against cybercriminals.
