Possible Data Breach Affected Some COVID-19 Loan Applicants: SBA

The private data of nearly 8,000 small-business applicants may have been exposed to others, the agency stated.


Private data of some 7,900 small-business applicants for federal disaster loans may have been exposed to other applicants.

“Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on SBA’s disaster loan application site on March 25,” the Small Business Administration said in a statement shared with ThinkAdvisor late Tuesday. “We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal.”

Businesses that may have been affected have been notified by the SBA, which offered them a free year of credit monitoring.

The SBA disclosed the problem in an April 13 letter obtained by the small-business group Covid Loan Tracker and shared with The Washington Post, which first reported the news Tuesday afternoon.

The personal information potentially revealed by the breach included names, Social Security numbers, addresses, birth dates, email addresses, phone numbers, citizenship status and insurance information.

“The letter, dated April 13, said there were no signs that the information had been misused,” according to the Post.

The SBA expanded the emergency relief to include businesses hurt by the coronavirus. The Economic Injury Disaster Loan resources have been offered separately from the Paycheck Protection Program included in the first stimulus package.