The Small Business Administration has reported it had a potential data breach last month in its website handling disaster loan applications.
The agency says the personal information of more than 7,000 business owners applying for economic injury disaster loans was potentially seen by other applicants on the SBA website on March 25.
was affected, not the Paycheck Protection Program, which did not begin until April 3 and which is handled by a separate system.
SBA spokeswoman Carol Wilkerson says the agency has notified the business owners whose information maybe have been exposed and offered them a year of free credit monitoring.
Nebraska Senator Ben Sasse offered a statement that states,
“Americans are fighting to keep their businesses alive and the last thing they should have to worry about is whether or not their federal government is competent enough to protect their personal information. We absolutely know that databases of social security numbers, addresses, and birth dates are ripe targets. Washington has got to get it together. This is a great example of why the Cyberspace Solarium Commission is clear-eyed about cyber expertise lying primarily within the private sector. In addition to calling for beefing up the Cybersecurity and Infrastructure Security Agency, the Commission proposes that the government find new ways to operationalize collaboration with the private sector.”
