A data breach may have caused the personal information of almost 8,000 businesses seeking emergency loans last month from the Small Business Administration to be exposed to other businesses through the agency’s website.
According to reports, the SBA discovered on March 25 that thousands of business owners seeking help via the agency’s Economic Injury Disaster Loan program may have disclosed personal information to other applicants of the program — including names, income amounts, Social Security numbers, addresses, and contact information.
“We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal,” an SBA spokesperson said on Tuesday in a statement to CNBC.
The agency notified the business owners of the breach and said that, as of April 13, no evidence of misuse of the information has occurred, according to CNBC. Nevertheless, the affected businesses have been offered identity theft protection services for a year.
“Americans are fighting to keep their businesses alive, and the last thing they should have to worry about is whether or not their federal government is competent enough to protect their personal information,” said Sen. Ben Sasse, a Republican from Nebraska, in response to the data breach. “Washington has got to get it together.”
The disaster loan program, where the breach took place, is separate from the Paycheck Protection Program, which the Senate just voted to replenish after its first round of funding ran out.
