Join us at ASI Show Fort Worth, March 29 – 31.   Register Now.

News

SBA Data Breach Exposes Thousands of EIDL Applicants

Nearly 8,000 small businesses that applied for emergency coronavirus relief might have had their information exposed to other applicants.

Thousands of small businesses that applied for federal disaster loans through the Small Business Administration (SBA) had their personal information potentially exposed to other applicants.

The SBA said 7,900 businesses that applied to the Economic Injury Disaster Loan (EIDL) program may have been affected and noted in a statement that it “immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal.”

data breach

The SBA discovered on March 25 that personal information might have been disclosed, according to a letter sent out by the SBA. Personal information may have included names, Social Security numbers, addresses, birth dates, email address, phone numbers, citizenship status and insurance information. The SBA said in letter dated April 13 that there had been no signs the information had been misused.

An SBA official told CNBC that in order to access other business owners’ information, small business applicants needed to be in the loan application portal. If the user hit the page back button, he or she might have seen information belonging to another business owner. The official also said that 4 million small business owners suffering from economic losses due to the coronavirus pandemic had applied for $383 billion in aid through the program, which was offering low-interest loans of up to $2 million and emergency grants of up to $10,000. The EIDL program initially had allocated just $17 billion for coronavirus relief, though a bill that recently passed the Senate would add $60 billion more to the program.

As of April 20, the SBA reported that it had granted 26,919 disaster loans for a total of $5.6 billion and 755,476 EIDL emergency grants for a total of $3.29 billion.

The SBA said it will offer applicants a year of free credit monitoring as a result of the data breach.