More than 7,000 businesses applying for emergency loans may have had their personal information exposed by a Small Business Administration (SBA) data exposure. The SBA’s failure to secure the data, which was discovered on March 25, was due to a programming error in the administration’s online application portal for Economic Injury Disaster Loans (EIDL).
According to POLITICO, the application system may have disclosed personal information to other applicants of the program. Some of the personal information from the SBA data exposure may have included Social Security numbers, contact information, names, addresses and income amounts.
According to the SBA, the Paycheck Protection Program (PPP) was not affected because it began April 3 and is also handled by a separate online system. However, businesses that applied for an EIDL were notified about the Small Business Administration data exposure and have been offered one year of free credit monitoring services.
In a statement, the SBA said “We immediately disabled the impacted portion of the website, addressed the issue and relaunched the application portal. SBA continues to process applications submitted via email, paper and online.”
While exposing business data might not always rise to the same level of risk as personal data, personal and business data is often co-mingled when the business entity is a small business. Due to that, it is important that people impacted by the SBA data exposure protect both sets of data by freezing their personal and business credit if both are involved. The Identity Theft Resource Center (ITRC) also recommends those who could have been impacted monitor their accounts carefully for any suspicious activity, change the passwords for any accounts with sensitive information and to consider the free credit monitoring services that are being offered.
If anyone believes they are a victim of identity theft or have had their information exposed due to the Small Business Administration data exposure, they are encouraged to call the ITRC toll-free at 888.400.5530 or to live chat with an expert advisor. Advisors can help small businesses – who utilize a personal Social Security number – and consumers create an action plan that is tailored to their unique circumstances. Victims can also download the ITRC’s ID Theft Help App where they can track their steps in a customized case log. Documenting the process post-breach is more important now than ever with the recent requirements of victims to provide proof in order to receive compensation after a data breach settlement.
You might also like…