A data leak affected a COVID-19 disaster relief loan system operated by the SBA. Now, US lawmakers are pushing for answers into what exactly happened.
Late last week, we reported on the US Small Business Administration (SBA) data leak. The leak saw nearly 8,000 small business applicants exposed. The loan system portal was set up to offer emergency loans for small businesses suffering from the COVID-19 lockdowns. This is, of course, separate from the payroll disaster relief program. In response, the SBA said that the portion of the website affected by the leak has been fixed. Additionally, the SBA said that those affected will be offered 1 year of free credit monitoring.
Unfortunately for the SBA, this doesn’t seem to be enough for some lawmakers. Senators and a congressman from both major parties are now pushing for answers into what exactly happened. From FCW:
Sens. Ben Cardin (D-Md.) and Marco Rubio (R-Fla.) and Rep. Nydia Velazquez (D-N.Y.) wrote to SBA Administrator Jovita Carranza on April 23 seeking “a complete accounting” about an incident in which personal data including income and Social Security numbers of at least 8,000 Economic Injury Disaster Loans were exposed.
SBA confirmed press reports that EIDL applicants may have had some of their data exposed to other applicants. An administration official told CNBC that “we immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal.”
A twitter user posted a copy of the SBA letter on April 17, which said the “inadvertent disclosure” of PII was discovered on March 25.
SBA tech officials had a short time to build applications to handle the anticipated crush of applicants for a number of financial relief programs, including EIDL and the website to help small business apply for Paycheck Protection funding – forgivable loans that incentivize businesses to retain employees during the current crisis.
“We had to build things quickly, including the lender gate way in eight days,” said Maria Roat, SBA CIO, of its efforts to support the Paycheck Protection Program.
It’s unclear how far this push for answers will go, but at the very least, it is causing some lawmakers to take notice.
While the leak is a pretty small one compared to other security incidences we’ve reported on in the last few months, this does seem to have its own flavour of cruelty to it. As we mentioned in the previous report, one can only imagine just how bad things could be for the businesses who were forced to ask for these loans only to not only get turned away, but also having their information compromised just because they applied for it. A scenario like that has to be brutal to go through.
We’ll continue to monitor the story for any additional developments as things unfold.
Drew Wilson on Twitter: @icecube85 and Facebook.