Breach Brief – Small Business Administration

Breach Brief – Small Business Administration

As if life was not tough enough for America’s small businesses. Now the Small Business Administration reported that applicants to its Economic Injury Disaster Loan program (EIDL) may have had information exposed to other applicants.

According to the SBA 7,900 businesses that applied may have been affected and noted in a statement that it “immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal.”

According to a letter from the SBA on March 25th the agency discovered that personal information might have been disclosed. Included in the breach are names, Social Security numbers, addresses, birth dates, email address, phone numbers, citizenship status and insurance information. The SBA reported that there had been no signs the information had been misused.

An SBA official explained to CNBC how the information could be exposed. In order to access other business owners’ information, applicants needed to be in the loan application portal. If the applicant hit the page back button information belonging to another business owner could become visible.

According to the official some 4 million small business owners impacted by the coronavirus pandemic have applied for $383 billion in aid through the program. The program is offering low-interest loans of up to $2 million and emergency grants of up to $10,000. The EIDL program initially had allocated just $17 billion for coronavirus relief, though a bill that recently passed the Senate would add $60 billion more to the program.