Executives from nearly 8,000 small U.S. businesses that applied for Economic Injury Disaster Loans in the coronavirus crisis may have had personal data shared with other applicants, CNBC reports.
The SBA notified nearly 8,000 business owners that an EIDL application portal glitch led to the potential inadvertent disclosure of information, and offered them identity theft protection services for a year.
BREAKING: Nearly 8,000 small businesses notified that "personal identifiable information" may have been exposed due to issue on Small Business Administration web portal. (via @KateRogers) https://t.co/jn8limUSe7 pic.twitter.com/yRChbhKHE7
— CNBC Now (@CNBCnow) April 21, 2020
The letter sent to businesses says that, as of April 13, there is no evidence to suggest the information has been misused.
Yet.
“Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on SBA’s loan application site,” a senior administration official told CNBC. “We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal.”
The official said that, in order to access other business owners’ information, small business applicants must have been in the loan application portal.
If the user attempted to hit the page back button, he or she may have seen information that belonged to another business owner, not their own. The official said that 4 million small business owners applied for $383 billion in aid via the Economic Injury Disaster Loan program and Emergency grants. The two programs are funded for just $17 billion.
Sr. Admin official adds:
-the issue has been addressed, application portal relaunched
-Businesses notified and offered a year of free credit monitoring
-Discovery was made March 25th
-This impacts EIDL ONLY, not PPP #EIDL https://t.co/UxkcborvtW— Kate Rogers (@katerogers) April 21, 2020
We've learned of some new issues with the SBA's #EIDL application process:
-The SBA has notified nearly 8K businesses that their information may have been potentially exposed to other businesses in the application portal
– SBA immediately disabled the impacted portion of the site— Kate Rogers (@katerogers) April 21, 2020
More details on the #EIDL application portal glitch that may have exposed the personal data of 8K small business owners to other applicants…. the latest with @springbetsy: https://t.co/3HZgIJWPe9
— Kate Rogers (@katerogers) April 21, 2020