Bank of America Corp. Data Breach (2020)

Bank of America Corp. (NYSE: BAC) has revealed a possible data breach on business clients' information for the Paycheck Protection Program. The breach occurred on April 22, as BofA uploaded PPP applications onto the U.S. Small Business Administration's test platform, according to a filing with the California Attorney General's Office. The limited-access platform allowed lenders to test PPP submissions before the second round began. Charlotte-based BofA said application information may have been visible to other SBA-authorized lenders and their vendors. "There is no indication that your information was viewed or misused by these lenders or their vendors. And your information was not visible to other business clients applying for loans, or to the public, at any time," BofA said. Compromised information could include business details, such as an address or tax identification number, or a business owner's information, such as name, address, Social Security number, phone number, email and citizenship status. Applicants were part of a nationwide pool, with customers in multiple states likely affected. BofA did not specify which states. A spokesperson described it as a "small number" of clients. The bank said the data breach did not affect the applications' submission to the SBA. It asked the SBA to remove the visible information that same day, according to the filing. BofA said it also conducted internal investigations. The spokesperson declined to provide further details. The bank is offering a free two-year membership for Experian identify theft protection, which includes daily credit monitoring and surveillance. It did not say how many customers were affected or how many lenders were using the test site on April 22.