Over the years this series has covered incidents of data breaches and their impacts on Florida’s individuals, families, and businesses. 1
And more recently, it has covered the Coronavirus/COVID-19 pandemic in depth. 2 With one of the principal issues addressed being the various federal and state financial relief programs, and specifically the Payroll Protection Program (PPP). 3
And now those two topics seem to intersect. (Which is not all that surprising given the amount of money involved, and the online nature of the application data.)
It is reported that Bank of America noted a possible PPP data breach. 4 The breach, reported to have occurred, related to BOA’s business clients in multiple states that made PPP applications through the bank, and occurred during an upload to the U.S. Small Business Administration’s test platform. Compromised data could have included “business details, such as an address or tax identification number, or a business owner’s information, such as name, address, Social Security number, phone number, email and citizenship status.” 4
BOA responded to the matter as follows:
There is no indication that your information was viewed or misused by these lenders or their vendors. And your information was not visible to other business clients applying for loans, or to the public, at any time. 5
Thankfully, Bank of America is providing a variety of remedial services to its customers, including scam prevention tools. 6
This is a difficult situation in which to overlay proactive risk management techniques. The applicants submitted PPP applications. By a paper form. 7 To a national bank. For a federal program. Directly.
Surely the prospect of a data breach was ‘out there’. 8 The PPP is by no means a ‘quiet’ program. Banks scan, store, and submit documents digitally. And ‘hackers’ are smart and quite creative with ways to obtain electronic data.
So…Affected applicants are moved to a reactive risk management posture. They should avail themselves of the remedial tools supplied by BOA. Close and re-open new accounts. Change passwords. Consistently monitor their bank accounts. ‘Be on the lookout’ for unanticipated e-mail, telephone calls, and mail posturing as legitimate inquiries, but which are actually ‘phishing expeditions’. For example, if one receives an unexpected communication, they should not respond; rather they should independently search for the customer service number of the Bank, the SBA, or other contacting parties, and call them directly.
This is, then, an unfortunate situation where reactive situations can convert to proactive defenses. (It always comes back to proactive risk management. Every. Single. Time.)
For information about Bogin, Munns & Munns’ own response to Coronavirus readiness.
Note: Citations are given to the sources to respect the original authors’ copyrights.
1 Large Florida Database Leak.
2 The Greater Gainesville Chamber Of Commerce Report, Flash Notice for Florida Employers – OSHA’s Covid-19, An Important COVID-19 Benefits Application Deadline, New Safety Training Courses Are Available For Florida’s Businesses, Preparing For That Which Cannot Be Prepared,
Florida Prepares To Re-Open On May 4, 2020, https://www.boginmunns.com/business-stops-in-its-tracks/, Another Timely Coronavirus/Covid-19 Update, Additional Resources for Florida’s Businesses, A brief note for Florida’s individuals, families, and businesses about extensions, Coronavirus/COVID-19 pandemic state, The Paycheck Protection Program, Resources for Florida’s businesses, families, and individuals, Do You Count?, Life in Times of Coronavirus.
4 See Bank of America reveals data breach in PPP application process.
6 See Privacy & Security Center at Bank of America.
7 Paycheck Protection Program – Borrower Application Form.
8 Ibid. at 2 above.
– For more information, call Philip N. Kabler of the Gainesville, FL office of Bogin, Munns & Munns at 352.332.7688, where he practices in the areas of business, banking, real estate, and equine law. He has taught business and real estate law courses at the University of Florida Warrington College of Business Administration and Levin College of Law and is the President-Elect of the Eighth Judicial Circuit Bar Association.
NOTICE: The article above is not intended to serve as legal advice, and you should not rely on it as such. It is offered only as general information. You should consult with a duly licensed attorney regarding your Florida legal matter, as every situation is unique. Please know that merely reading this article, subscribing to this blog, or otherwise contacting Bogin, Munns & Munns does not establish an attorney-client relationship with our firm. Should you seek legal representation from Bogin, Munns & Munns, any such representation must first be agreed to by the firm and confirmed in a written agreement.