Glitch May Have Exposed Data of Thousands of Small Businesses Applying for Federal Relief Loans

Nearly 8,000 applicants to a Small Business Administration loan program may have had their data shown to other users filling out the application.

Thousands of small businesses seeking federal disaster loans in the wake of the coronavirus pandemic may have had their sensitive information exposed due to a glitch in a Small Business Administration program, according to The Washington Post.

Nearly 8,000 applicants to the Economic Injury Disaster Loan program may have had their personal information accidentally disclosed to other applicants. One government official told CNBC that the glitch occurred when an applicant was in the loan application portal and clicked the page’s back button. 

When they saw the previous screen, the applicant may have seen information belonging to another small business owner instead of their own. The SBA discovered the flaw on March 25 and sent a letter to affected users, noting that personal information such as social security numbers, addresses, financial data and insurance information.

“We immediately disabled the website, we mitigated the risks, implemented additional safeguards to prevent any future inadvertent disclosure,” the letter reads. “To date, there is no evidence to suggest that there has been any attempt to misuse any of this information.” 

The EDIL application, which usually assists businesses affected by natural disasters, has been expanded to include businesses affected by the COVID-19 crisis. (It is separate from the Paycheck Protection Program, which ran through $350 billion of available funding within two weeks). 

Read More: Industry Groups Push For More Cybersecurity Funding In Future COVID-19 Stimulus Legislation

Applicants affected by the error have been offered a year of free credit and identity monitoring services to ensure that their information is not stolen. The Post reported that the SBA has not answered questions about how the breach was discovered or how long it lasted. 

Security experts like Mark Bower, senior vice president at comforte AG, expressed concern that the need for speedy responses to the COVID-19 crisis has crowded out cybersecurity assurances during the application process. 

“Have best practices like data-centric security been traded-off to launch quickly, leading to further exposure and attack down the line?” Bower said. “The last thing these businesses need is their identity data abuse cascading to deeper economic injury risk.“ 

The initial statements from the SBA make it difficult for affected parties to understand what the impact will be, said Tim Erlin, the vice president of product management and strategy at Tripwire. But credit monitoring services should help business owners know if their data has been used on the dark web. 

“While any breach is unfortunate, it’s especially painful when the government exposes the personal data of citizens,” Erlin said. “There is likely plenty of blame to go around for an incident like this, but the focus should be on how trust can be restored and affected victims can be protected.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services
  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.