Bank of America Corporation has disclosed a data breach affecting clients who have applied for the Paycheck Protection Program (PPP). Client information was exposed on April 22 when the bank uploaded PPP applicants’ details onto the US Small Business Administration’s test platform. The platform was designed to give lenders the opportunity to test the PPP submissions before the second round of applications kicked off. The breach was revealed in a filing made by Bank of America with the California Attorney General’s Office. As a result of the incident, other SBA-authorized lenders and their vendors were able to view clients’ information. Data exposed in the breach consisted of details relating not only to individual businesses, but also to their owners. Compromised data may have included the business address and tax identification number along with the owner’s name, address, Social Security number, phone number, email address, and citizenship status.
Source: InfoSecurity Magazine