Breach in the SBA Loan Program Affects 8,000 Businesses

As the United States government aims to cover additional individuals and businesses in light of the virus pandemic, the Small Business Administration (SBA) reports that it’s loan program affected nearly 8,000 applicants.

According to Forbes, news of the data breach comes after SBA gets another $60 billion for its loan boost. This amount is reportedly allocated for small businesses who will be covered under the economic disaster loans initiative handled by the SBA.

The data breach incident came to light after the Small Business Administration notified around 7,913 small business owners of the data breach in its system on March 25, 2020.

Breach in the SBA Loan Program

In a letter, the agency revealed that there had been a glitch in its website, potentially allowing other applicants to see sensitive information, notes American Banker.

The glitch in the system supposedly stemmed from a misconfigured web cache, reports American Banker. Applicants who pressed the back button may immediately see another small business applicant’s loan application details.

Among the compromised information include names of owners, Social Security numbers, addresses, contact details, date of births, email addresses, and marital status.

Apart from these, the applicant’s citizenship status, household size, disclosure inquiry, insurance details, and financial info may have been made vulnerable to the public and potential hackers.

Following the incident, SBA immediately disabled the flaw in its database. Moreover, the agency also revealed that it had “implemented additional safeguards to prevent any future inadvertent disclosure.”

To further aid potentially affected applicants and clients, SBA will be offering free credit monitory and identity protection services for 12 months. Applicants notified by the firm will also receive free credit reports and be entitled to insurance reimbursement coverage of $1 million, states Forbes.

Although the agency has reached out to its applicants and users via mail, it said that there has been no evidence that the personally identifiable information on its website has been misused.

In an interview with Forbes, senior security advisor at DomainTools Corin Imai said “[the] information is still too limited to assess the potential impact of the incident but despite no signs of the data being used for malicious purposes, it is still important for all the affected parties to watch out for socially engineered attacks.”

ABC News states that this is not the first issue that the agency has encountered. Within the last few months, business owners said that the disaster loan website also posed issues, prompting the firm to take down the site for maintenance on March 16, 2020.