Small business owners applying for COVID-19 relief may have had PII exposed, agency says

[InfoSec News <alerts () infosecnews org>]

https://www.cyberscoop.com/sba-data-exposure-covid-19-loan-program-small-business-administration/

By Sean Lyngaas
CYBERSCOOP
April 5, 2020

As the federal agency overseeing relief to small businesses during the 
coronavirus pandemic was preparing to ramp up its lending, some of the Small 
Business Administration’s loan applicants may have had their personally 
identifiable information exposed to others, an agency spokeswoman tells 
CyberScoop.

“Personal identifiable information of a limited number of Economic Injury 
Disaster Loan applicants was potentially exposed to other applicants on [the 
Small Business Administration’s] loan application site,” SBA spokeswoman Carol 
Wilkerson said in a statement Saturday.

“We immediately disabled the impacted portion of the website, addressed the 
issue, and relaunched the application portal,” the statement continued. “SBA 
continues to process applications submitted via email, paper, and online.”

The cause of the data exposure at SBA, and for how long it occurred, was not 
immediately clear. Wilkerson did not respond to questions on why the PII may 
have been exposed and what types of data were affected.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_