open lock (Alexander Softog/Shutterstock.com)

Lawmakers seek 'complete accounting' of SBA data leak

Lawmakers want more information on exposure of personally identifiable information from thousands of companies applying to the Small Business Administration pandemic-relief loans.

In a letter to SBA Administrator Jovita Carranza on April 23,  Sens. Ben Cardin (D-Md.) and Marco Rubio (R-Fla.) and Rep. Nydia Velazquez (D-N.Y.)  said they are seeking "a complete accounting" about an incident in which personal data, including income and Social Security numbers of thousands Economic Injury Disaster Loans applicants, was exposed.

SBA confirmed press reports that EIDL applicants may have had some of their data exposed to other applicants. An administration official told CNBC that "we immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal."

A twitter user posted a copy of the SBA letter on April 17, which said the "inadvertent disclosure" of PII was discovered on March 25.

SBA tech officials had a short time to build applications to handle the anticipated crush of applicants for a number of financial relief programs, including EIDL and the website to help small business apply for Paycheck Protection funding -- forgivable loans that incentivize businesses to retain employees during the current crisis.

Although SBA said there is yet not evidence that the exposed information is being misused, it is offering identity theft protection services to those affected by the breach.

A longer version of this article was first posted to FCW, a sibling site to GCN.

About the Authors

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.