Bank of America Discloses That PPP Loan Application Data May Have Been Exposed During Preparation of Submission of Financial Relief Loan Applications To The SBA

Kehoe Law Firm, P.C. is making consumers aware that Bank of America (“BOA” or the “Bank”) filed a “Notice of Data Breach” with the State of California Department of Justice, Office of the Attorney General, which, among other things, stated that BOA,

. . . in preparation for submission of loan applications to the SBA, Bank of America . . . uploaded some clients’ loan applications to a limited access, controlled SBA test application platform. This platform was designed to allow authorized lenders to test the process for submitting [Paycheck Protection Program] applications to the SBA prior to the actual submission process.

During testing, we discovered information included in your application may have been visible for a limited time period to a limited number of other lenders and their vendors authorized by the SBA to participate in the program. There is no indication that your information was viewed or misused by these lenders or their vendors. And your information was not visible to other business clients applying for loans, or to the public, at any time. This did not affect the actual submission of PPP loan applications to the SBA. [Emphasis in original.]

According to Bank of America,

[t]he information that may have been briefly visible to limited authorized lenders and their vendors included business contact and business information about the company of which you are a principal owner, such as business address and tax identification number (TIN). As a principal owner, personal information about you, such as your name, address, Social Security Number, phone number, email address and citizenship may have been involved. [Emphasis added.] reported (“Bank of America: COVID-19 Loan Data May Have Leaked”) that “[i]t’s not clear if the incident involving Bank of America was related to the possible data breach at the SBA” regarding “a flaw in an online application portal for its Economic Injury Disaster Loan program [which] exposed the personal data of approximately 8,000 loan applicants.”

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.