BreachExchange mailing list archives
Application for disaster loans exposed business owners' personal data
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 8 Apr 2020 09:31:41 -0500
https://www.newsday.com/news/health/coronavirus/sba-emergency-loan-security-1.43485699 About 100 business owners had personal information exposed when they used a government online portal that was unsecured to apply for federal disaster loans, officials said Friday. The information, including names, addresses, birth dates and Social Security numbers, was exposed to other users of the online application portal, according to the U.S. Small Business Administration, which runs the disaster loan program. The agency hasn’t yet provided geographic information for the business owners who had their personal information exposed. However, they are being notified individually and offered free credit monitoring for one year. SBA disabled the portal’s online application function on Wednesday. It was unclear on Friday how long the personal information was exposed. Applicants are being directed to download PDFs of the application forms at disasterloan.sba.gov/apply-for-disaster-loan/index.html and upon completion upload them to the SBA via the BOX widget on the website. Completed applications also may be emailed to disasterloans@sba,gov, faxed to 202-481-1505 or sent via postal mail to the U.S. Small Business Administration Processing and Disbursement Center, 14925 Kingsport Rd., Fort Worth, Texas, 76155. “Personal identifiable information of approximately 100 Economic Injury Disaster Loan applicants was potentially exposed to other applicants on the SBA’s loan application site,” agency spokeswoman Jennifer F. Kelly said Friday from Washington. “We immediately disabled the impacted portion of the website." The agency said Thursday it has seen “a surge of applications from Long Island.” The disaster loans are for up to $2 million per applicant and can be repaid over a maximum of 30 years. The interest rate is 3.75%. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Application for disaster loans exposed business owners' personal data Destry Winant (Apr 09)