Business owners who applied for federal disaster loans may have had information exposed to other applicants, the Small Business Administration reports.
The Small Business Administration (SBA) has confirmed that nearly 8,000 business owners who applied for an emergency loan may have viewed sensitive data belonging to other applicants.
This incident affects those who applied for the Economic Injury Disaster Loans (EIDL), an SBA program historically used to provide loans for small businesses recovering from wildfires, tornadoes, and other natural disasters. EIDL was expanded in March to assist organizations suffering financial hardship due to the economic effects of coronavirus. The program's funds are separate from the Paycheck Protection Program, which was not affected in the incident.
On March 25, the SBA discovered personal information belonging to EIDL applicants may have been accidentally shared with others. If users tried to click the "back" button, they may have been able to see information that belonged to another business owner applicant.
"We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal," a senior administration official told CNBC.
Data potentially exposed in the incident includes names, Social Security numbers, addresses, birth dates, email addresses, phone numbers, citizenship status, and insurance information, the Washington Post reports. The SBA has not disclosed how long the data may have been exposed or how the issue was found. There is so far no indication the exposed data has been misused.
Read more details here.
A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024