Personal data of 8,000 Economic Injury Disaster Loan applicants may have been shared with others

“We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal.”

Executives from nearly 8,000 small U.S. businesses that applied for Economic Injury Disaster Loans in the coronavirus crisis may have had personal data shared with other applicants, CNBC reports.

The SBA notified nearly 8,000 business owners that an EIDL application portal glitch led to the potential inadvertent disclosure of information, and offered them identity theft protection services for a year.

The letter sent to businesses says that, as of April 13, there is no evidence to suggest the information has been misused.

Yet.

More from CNBC:

“Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on SBA’s loan application site,” a senior administration official told CNBC. “We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal.”

The official said that, in order to access other business owners’ information, small business applicants must have been in the loan application portal.

If the user attempted to hit the page back button, he or she may have seen information that belonged to another business owner, not their own. The official said that 4 million small business owners applied for $383 billion in aid via the Economic Injury Disaster Loan program and Emergency grants. The two programs are funded for just $17 billion.