CHARLOTTE, N.C.–Bank of America announced some customer data may have been exposed during the uploading of loan applications related to the Paycheck Protection Program.
BofA filed a notification letter with the California Attorney General's Office this week in which it said a security breach took place on April 22, when the bank was uploading Paycheck Protection Program applications into a "limited access" test platform with the SBA. The upload was performed to ensure the process for uploading Paycheck Protection Program loan information worked correctly, BofA said.
The bank has not disclosed the number of customer accounts involved in the application test upload. Information exposed could potentially include addresses and tax identification numbers for the businesses, along with some personally identifiable information for businessowners, such as, name, address, Social Security number, phone number, email address and citizenship, BofA said.
"During testing, we discovered information included in your application may have been visible for a limited time period to a limited number of other lenders and their vendors authorized by the SBA to participate in the program," Bank of America said in its notification letter.
$25 Billion in Loans
According to BofA, it has processed more than 305,000 Paycheck Protection Program loan applications over the last several weeks, representing approximately $25 billion in loans.
BofA said the security incident did not impact the submission of any loan application to the SBA, the bank says.
Bank of America is offering those affected by the apparent data leak a prepaid two-year membership in an identity theft protection service, according to the notification letter.