The Small Business Administration (SBA) admitted this week that a website error may have exposed the data of up to 8,000 loan applicants.
Business owners applying for Economic Injury Disaster Loans (EIDL) were notified by the SBA that personal information may have been exposed to other applicants on the site. The information included Social Security numbers, tax identification numbers, addresses, birthdates, email addresses, phone numbers, citizenship status, income disclosures as well as other financial and insurance information.
At issue was a caching glitch on the site that displayed the data of other applicants when the “back” button was used on web browsers.
“We immediately disabled the website, we mitigated the risks, implemented additional safeguards to prevent any future disclosure,” stated the SBA in its letter disclosing the leak to applicants.
The SBA also announced that it would provide one year of identity protection to affected individuals, and that as of April 13, there have been no reported incidents of misuse of the potentially leaked data.