The Small Business Administration has warned applicants for its coronavirus-linked Economic Injury Disaster Loans that their data may have been inadvertently leaked.
The potential breach, which affects about 7,900 loan applicants, could have shown information including Social Security numbers, contact information, and income data to other applicants, Politico reports, citing a letter to those who applied. Those affected are reportedly being offered a year of free credit monitoring.
The breach, which doesn’t affect applicants for the separate Payroll Protection Program loan offering, drew swift criticism from activists and some in Congress. It comes as the small-business relief programs have generally come under fire for payouts to large chain businesses rather than the mom-and-pop operations many envisioned would see relief.
“Americans are fighting to keep their businesses alive, and the last thing they should have to worry about is whether or not their federal government is competent enough to protect their personal information,” Republican senator Ben Sasse of Nebraska in a statement. “We absolutely know that databases of Social Security numbers, addresses, and birth dates are ripe targets. Washington has got to get it together.”
Businesses and individuals seeking help in dealing with the coronavirus pandemic have generally been targeted by hackers and scammers. IBM X-Force recently warned of phishing emails impersonating the SBA. Security firm Vade Secure even recently warned of emails that threatened to disclose recipients’ personal data—and infect their families with the coronavirus.