Agency Leaks Details Of 8,000 Businesses Applying For COVID Relief
The U.S. Small Business Administration (SBA) is in damage control after a bug on its website caused a wide-sprawling leak of up to 8,000 already vulnerable companies.
A website was set up by the SBA to provide financial relief for small businesses feeling the pressure from the COVID-19 pandemic, known as the Economic Injury Disaster Loan (EIDL) portal. The portal took applications from organisations “currently experiencing a temporary loss of revenue,” and was handing out $10,000 grants to eligible businesses.
The bad news for these organisations was that the SBA’s website in March of this year contained a bug that exposed the personal details - including social security numbers, addresses and other personally identifiable information - to other applicants that were using the portal.
“Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on SBA’s loan application site,” an SBA representative told Business Insider.
“We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal,” they continued to explain. The SBA did not confirm exactly how long the sensitive information was visible or accessible for, however, they have offered 12 month’s worth of free credit monitoring to mitigate the potential of fraud for those potentially embroiled in the leak.
The SBA representative made it clear that they had notified all the applicants of the EIDL program, and that the data exposed impacted only economic injury disaster loans, and not Paycheck Protection Program loans.
The EIDL relief program was established to assist business owners impacted by natural disasters like tornadoes, tropical cyclones or wildfires. Last month, however, it was expanded to include organisations that had been negatively impacted by the COVID-19 pandemic and it’s unprecedented economic hit to businesses worldwide.
According to a report from The Washington Post, “even before the data issue, the EIDL program was crushed by a flood of applications that strained allocated funding and kept businesses waiting weeks, rather than days, for money. The loans are primarily meant to help small businesses cover rent or other expenses before larger loans come their way, and are designed to be disbursed within three days of an application.”