Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

SBA Reports Data Breach in Disaster Loan Application Website

Thousands of small business owners reeling from the aggressive measures taken to halt the spread of the coronavirus may have had their personal information exposed last month on a government website that handles disaster loan applications.

Thousands of small business owners reeling from the aggressive measures taken to halt the spread of the coronavirus may have had their personal information exposed last month on a government website that handles disaster loan applications.

The Small Business Administration said Tuesday that the personal information of more than 7,000 business owners applying for economic injury disaster loans was potentially seen by other applicants on the SBA website on March 25.

The SBA said only the disaster loan program was affected, not the Paycheck Protection Program, which did not begin until April 3 and which is handled by a separate system.

SBA spokeswoman Carol Wilkerson said the agency has notified the 7,913 owners whose information may have been exposed and offered them a year of free credit monitoring. The agency immediately disabled the affected part of its system, Wilkerson said.

In a letter to affected owners obtained by The Associated Press, the SBA said there is no evidence the exposed data has been misused. The information included names, Social Security numbers, birth dates, financial information, email addresses and phone numbers.

Business owners have had issues with the disaster loan website before. The site was taken down for maintenance for several hours on March 16, and owners could not apply during that time. On March 29, the SBA revised its application process for the disaster loans and owners had to reapply. Many learned days or weeks later that they needed to reapply.

Advertisement. Scroll to continue reading.

“It’s frustrating that now I have to deal with that too,” said Adam Rammel, co-owner of Brewfontaine, a restaurant in Bellefontaine, Ohio. He received his disaster loan money Tuesday after a month’s wait and also received a paycheck protection loan.

“I received money from them, but they didn’t have the greatest start,” he said of the SBA.

The SBA also said it had processed more than 755,000 disaster loan advances, $10,000 each and totaling nearly $3.3 billion as of Monday. The advances are essentially grants. The agency also said it processed nearly 27,000 disaster loans totaling nearly $5.6 billion.

Business owners apply for disaster loans directly to the SBA website, www.sba.gov, unlike the paycheck protection loans that are sought through banks and then approved by the SBA.

The Senate passed and sent to the House Tuesday a bill that would add $300 billion to the Paycheck Protection Program, which ran through its initial $349 billion appropriation last week after the SBA approved more than a million loans. Thousands of business owners have applications waiting to be sent to the SBA for approval, or are waiting to apply.

Related: Pompeo Concerned by Cyber Attacks on Czech Hospitals

Related: Internet Overseers Seek Crackdown on Coronavirus Website Scams

Related: Coronavirus Confinement Challenges Intelligence Services

Related: US, Britain Warn That Hackers Increasingly Use Coronavirus Bait

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.