SBA Server Caused Bank Info Leak

Bank of America has disclosed a security incident involving its online platform for processing loan requests from companies for the Paycheck Protection Program , a COVID-19 relief fund set up by the government. BofA says the Small Business Administration test platform allowed other banks and organizations to view its customers’ loan applications. The information they saw includes business address, contact info, tax identification number, and details about the business owner — name, address, Social Security Number, phone number, email address, and citizenship. The incident occurred on April 22 and was resolved the same day. According to Zdnet, there may be bigger issues with the BofA program for processing PPP loans. Customers who submitted a loan application reported seeing other customer’s data when they logged in later to review their application status. The bank has another problem related to the small business loan program. It is being sued by the state of California for prioritizing loan applications from large corporations over those submitted by smaller businesses.