The ‘Bank of America’ Is Circulating Notices of a Data Breach

  • A subset of sensitive data belonging to PPP loan applicants has been exposed to lenders and their associates.
  • The security lapse came through a mistake when setting up a testing platform used by the SBA.
  • The bank responsible for the blunder has now secured two years of identity protection services for the compromised clients.

The ‘Bank of America’ is sending notices of a data breach over to the impacted clients, after mishandling the data of a subset of people who applied for PPP (Paycheck Protection Program) loans. The financial institution was working together with the SBA (Small Business Administration) and the U.S. Treasury over the past couple of weeks, trying to process over 305,000 loan applications that would result in the handing out of $25 billion in financial relief. This would be a well-needed breath of fresh air for small businesses that got crushed by the COVID-19 pandemic. Still, for some of them, an additional problem to deal with has just been added.

The Bank of America has uploaded some of the loan applications to a test application platform controlled by the SBA. It was supposed to help the applicants get accustomed with the submission process. This happened on April 22, 2020, when the involved vendors and authorized lenders got access to the system to test the platform from their side as well. The bank quickly figured that this was a mistake, as the vendors could see the applicant’s information that they had uploaded.

This event doesn’t impact the loan submission process for the compromised applicants. Still, it has exposed some sensitive details to other parties, like their tax identification number (TIN), full names, phone numbers, email addresses, citizenship, physical address, Social Security Number (SSN), business name, business address, business contact information, and other details. It doesn’t mean that all of the above was accessed or exfiltrated by the lenders, as it would be unlikely that their agents would have any interest in this information. However, the exposure happened nonetheless, and the compromised individuals have to take precautionary protection measures no matter what the risk level is.

In this context, the Bank of America has arranged for a complimentary two-year membership in the Experian IdentityWorks identity theft protection service. The service includes daily credit reports and monitoring, internet surveillance, and quick resolution in the case of fraud detection. The compromised individuals will have to register in the program by calling “866-617-1920.” If you want to know what parts of your sensitive information have been exposed, call the Bank’s Privacy Response Unit instead, at “1-800-252-2867.”

Other than that, stay vigilant against scam emails. Scammers may try to convince you to re-apply for a loan by entering your information on a phishing platform that may look like the actual SBA platform. Your application hasn’t been affected by this incident, so you don’t need to do anything regarding the loan application.

REVIEW OVERVIEW

Latest

How to Watch Washington Wizards Games Online Without Cable

The Washington Wizards have been the surprise package of the NBA season so far, exciting fans all over the world with their...

How to Watch Philadelphia 76ers vs. Boston Celtics: Live Stream, Start Time, TV Channel, Odds, Predictions

The NBA regular season continues on Wednesday evening, with the Boston Celtics hosting the Philadelphia 76ers at the world-famous TD Garden in...

How to Watch Sacramento Kings vs. Los Angeles Clippers: Live Stream, Start Time, TV Channel, Odds, Predictions

The Los Angeles Clippers will be looking to return to winning ways as they battle it out against the Sacramento Kings in...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari