A data breach in the Small Business Association (SBA) loan application portal may have exposed the personal information of thousands of businesses last month as they submitted emergency loan applications during the COVID-19 pandemic, officials recently announced. The SBA has seen a large influx of applications from struggling businesses seeking emergency loans due to the coronavirus outbreak.
The data breach was caused by a glitch in the SBA website that allowed loan applicants to view the data of other applicants. The exposed information may have included names; addresses; email addresses; phone numbers; Social Security numbers; income; birth dates; citizenship and insurance information.
The personal information of 7,913 business owners may have been affected. The glitch was discovered in late March, but it is unclear how long the personal information of applicants was exposed. The SBA deactivated the affected area of the website, fixed the issue and relaunched the application portal.
Only the Economic Injury Disaster Loan program was affected; the Payroll Protection Program and other federal relief programs were not impacted by the glitch, according to SBA officials.
Affected businesses have been notified by the SBA. This glitch marks another headache for federal and local systems that are overwhelmed by applications from businesses and individuals seeking economic relief during the coronavirus pandemic.
While the data breach was not caused by any malicious actors, the exposed data is extremely sensitive and vulnerable to abuse including fraud, identity theft and other illegal activity.
The data breach also comes after small businesses are seeing an increase in scam attempts as business owners seek financial assistance during the COVID-19 pandemic.