Thousands of businesses applying for disaster loans told of data leak


APRIL 21, 2020

A bug in a federal government website exposed the personal information of thousands of small-business owners applying for Economic Injury Disaster Loans last month. 

A representative for the Small Business Administration confirmed the leak to Business Insider, saying that a total of 7,913 applicants’ information was potentially exposed.

Businesses have applied for disaster loans in large numbers as they feel the economic fallout of the coronavirus pandemic. Small-business owners in all 50 states are eligible for $10,000 advances on the loans as part of the COVID-19 relief package enacted last month.

“Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on SBA’s loan application site. We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal,” the SBA representative told Business Insider.

The SBA has notified applicants of the exposure, CNBC first reported Tuesday. The data exposure affects only applicants for EIDL loans, not Paycheck Protection Program loans, the representative said.

In early April, business owners told CBS News that when they tried to apply for the loans, they noticed other businesses’ information — including Social Security numbers, emails, phone numbers, and addresses — already filled in on the registration page. The SBA confirmed the leaks at the time.

The SBA has addressed the issue, relaunched the portal, and offered people who might have been affected one year of free credit monitoring, the representative said.

Courtesy/Source: Business insider