The Small Business Administration (SBA) has confirmed that nearly 8,000 business owners who applied for an emergency loan may have viewed sensitive data belonging to other applicants.
This incident affects those who applied for the Economic Injury Disaster Loans (EIDL), an SBA program historically used to provide loans for small businesses recovering from wildfires, tornadoes, and other natural disasters. EIDL was expanded in March to assist organizations suffering financial hardship due to the economic effects of coronavirus. The program's funds are separate from the Paycheck Protection Program, which was not affected in the incident.
On March 25, the SBA discovered personal information belonging to EIDL applicants may have been accidentally shared with others. If users tried to click the "back" button, they may have been able to see information that belonged to another business owner applicant.
"We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal," a senior administration official told CNBC.
Data potentially exposed in the incident includes names, Social Security numbers, addresses, birth dates, email addresses, phone numbers, citizenship status, and insurance information, the Washington Post reports. The SBA has not disclosed how long the data may have been exposed or how the issue was found. There is so far no indication the exposed data has been misused.
Read more details here.
A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19.