Glitch May Have Exposed Data of Thousands of Small Businesses Applying for Federal Relief Loans

Nearly 8,000 applicants to a Small Business Administration loan program may have had their data shown to other users filling out the application.

Thousands of small businesses seeking federal disaster loans in the wake of the coronavirus pandemic may have had their sensitive information exposed due to a glitch in a Small Business Administration program, according to The Washington Post.

Nearly 8,000 applicants to the Economic Injury Disaster Loan program may have had their personal information accidentally disclosed to other applicants. One government official told CNBC that the glitch occurred when an applicant was in the loan application portal and clicked the page’s back button. 

When they saw the previous screen, the applicant may have seen information belonging to another small business owner instead of their own. The SBA discovered the flaw on March 25 and sent a letter to affected users, noting that personal information such as social security numbers, addresses, financial data and insurance information.

“We immediately disabled the website, we mitigated the risks, implemented additional safeguards to prevent any future inadvertent disclosure,” the letter reads. “To date, there is no evidence to suggest that there has been any attempt to misuse any of this information.” 

The EDIL application, which usually assists businesses affected by natural disasters, has been expanded to include businesses affected by the COVID-19 crisis. (It is separate from the Paycheck Protection Program, which ran through $350 billion of available funding within two weeks). 

Read More: Industry Groups Push For More Cybersecurity Funding In Future COVID-19 Stimulus Legislation

Applicants affected by the error have been offered a year of free credit and identity monitoring services to ensure that their information is not stolen. The Post reported that the SBA has not answered questions about how the breach was discovered or how long it lasted. 

Security experts like Mark Bower, senior vice president at comforte AG, expressed concern that the need for speedy responses to the COVID-19 crisis has crowded out cybersecurity assurances during the application process. 

“Have best practices like data-centric security been traded-off to launch quickly, leading to further exposure and attack down the line?” Bower said. “The last thing these businesses need is their identity data abuse cascading to deeper economic injury risk.“ 

The initial statements from the SBA make it difficult for affected parties to understand what the impact will be, said Tim Erlin, the vice president of product management and strategy at Tripwire. But credit monitoring services should help business owners know if their data has been used on the dark web. 

“While any breach is unfortunate, it’s especially painful when the government exposes the personal data of citizens,” Erlin said. “There is likely plenty of blame to go around for an incident like this, but the focus should be on how trust can be restored and affected victims can be protected.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3