SBA Reveals Potential Data Breach Impacting 8,000 Emergency Business Loan Applicants

The United States Small Business Administration (SBA) revealed a suspected data breach managed to impact their portal. The website is used by business owners to apply for emergency loans.

The agency said the incident may end up closing up to 8000 applicants to the Economic Injury Disaster Loan program (EIDL). The program offers business loans of up to $10,000 to small businesses currently struggling because of the COVID-19 pandemic. New applicants were not accepted at the time the news broke, due to what the agency calls 'available appropriations funding.'

EIDL Applicants May Have Had Their Personal Information Stolen

EIDL applicants registered before the attack may have had their names, Social Security numbers, email and physical addresses, citizen status, dates of birth as well as insurance information stolen by the attackers. CNN reported that a letter sent to loan applicants on April 13th explained that a breach had been spotted on March 25. Parts of the portal were disabled while the agency was working on solving the security fiction. There were no details released to the general public on the issue, before the relaunch of the website.

The SBA mentioned the website may have led to the disclosure of personally identifiable information to the other applicants. Although there is no evidence that the applicant data was stolen, the agency is offering a free year of credit monitoring for everyone who was potentially affected by the attack.

Nebraska Senator Says Washington Has to 'Get It Together'

Nebraska Senator Ben Sasse commented on the incident by saying Americans are fighting to keep their businesses alive. The last thing they should have to worry about is whether the federal government is competent enough to protect their personal information. He also said they know that these databases of addresses, social security numbers and birth dates are 'ripe targets' and that Washington has to 'get it together.'

During the week the SBA was dealing with this potential data breach, security researchers also found out the organization was the target of a phishing email campaign using its name.

According to IBM's X-Force, COVID-19 phishing has seen a 6000% increase over the course of about five weeks. The SBA, as well as other major US financial institutions are being impersonated and taken advantage of, with the emails claiming to come from SBA employees. The phishing scams are offering fake small business relief and financial assistance, meanwhile harvesting personal information from victims who fall prey to the lies.