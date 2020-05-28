Bank Of America Admits Paycheck Protection Program Data Breach – Enterprise Security Expert Comments

Late last week Bank of America Corporation disclosed a data breach affecting clients who have applied for the Paycheck Protection Program (PPP). Client information was exposed on April 22 when the bank uploaded PPP applicants’ details onto the US Small Business Administration’s test platform. The platform was designed to give lenders the opportunity to test the PPP submissions before the second round of applications kicked off. The breach was revealed in a filing made by Bank of America with the California Attorney General’s Office. As a result of the incident, other SBA-authorized lenders and their vendors were able to view clients’ information.

EXPERTS COMMENTS
Mark Bower, Senior Vice President ,  comforte AG
May 28, 2020
The missing piece here that could have saved the day was using de-identified data during the test run to avoid regulated data exposure.
It goes to show that even the best prepared organizations can suffer breach risks in the rush to changing marketing conditions or harsh deadlines like SBA loan processing. The missing piece here that could have saved the day was using de-identified data during the test run to avoid regulated data exposure. De-identifying data can be as simple as transforming it with technologies like tokenization ....
