COVID-19 Disaster Relief Program Suffers Data Leak: 8,000 Businesses Compromised

It’s the last thing small businesses wanted to deal with. If your business submitted an SBA application for emergency loans, your information was possibly compromised.

Some security incidences just seem to have a particular flavour of cruelty attached to them. Imagine being the owner of, say, a flower shop. Business is pretty slow and things are already tight as it is. Then, the COVID-19 pandemic strikes, forcing everything to shut down. Sales of flowers fall through the floor and you are forced to close up shop, hoping to wait through this pandemic. Luckily, the Small Business Administration (SBA) unveiled an emergency loan program to help small businesses cope with the losses experienced during the pandemic. After submitting an application, you find out that, for whatever reason, you’ve been denied. Now, your future is uncertain.

Now imagine being that same business owner opening up the news today to find out that your information was also compromised on top of it all. At the very least, this just adds insult to injury to your situation. That sort of scenario is playing out for hundreds, if not thousands who applied through the SBA web portal. In all, roughly 8,000 applicants have been compromised. From Politico:

A data breach in the Small Business Association‘s online application portal may have compromised personal information for nearly 8,000 businesses seeking emergency loans last month, the agency said today.

In a letter to affected business owners, a copy of which was obtained by POLITICO, SBA said it discovered March 25 that the application system for Economic Injury Disaster Loans may have disclosed personal information to other applicants of the program — including Social Security numbers, income amounts, names, addresses and contact information.

Note: The article calls it the Small Business Association, but other sources call the affected organization the Small Business Administration.

The article goes on to say that SBA didn’t say how the incident occurred, but that the affected applicants have been notified. Additionally, the SBA said that they are offering 1 year of free credit monitoring to those affected.

April has been a pretty active month so far from the security incident standpoint. Earlier, we reported on the Aptoide data breach. In all, 39 million accounts were compromised. We also covered the data breach at the San Francisco International Airport. In that case, two websites were compromised. Additionally this month, we covered the ridiculous story where Marriott suffered from a third security incident. The incident sparked a lawsuit in response.

For clarity in this story, what was impacted has nothing to do with the payroll relief program. This is a security incident that affected a different disaster relief program.

Drew Wilson on Twitter: @icecube85 and Facebook.

2 Trackbacks and Pingbacks

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: