KTLA

SBA reports data breach may have exposed personal information of 8,000 disaster loan applicants

A man is typing with his hands on a keyboard of a MacBook Pro on February 04, 2020 in Berlin, Germany. (Felix Zahn/Photothek via Getty Images)

About 8,000 applicants for federal disaster loans may have had their personal information exposed to others using the loan application site, the Small Business Administration said Tuesday.

“Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on SBA’s loan application site. We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal,” the Small Business Administration said in a statement Tuesday.


The breach, which affected people applying for in the Economic Injury Disaster Loan program, was discovered on March 25, according to an SBA letter obtained by CNN. The letter, dated April 13, was sent to an individual whose information may have been breached.

“The website may have led to the inadvertent disclosure of personally identifiable information to other applicants,” the letter stated. It specified that Social Security or taxpayer identification numbers, addresses, birthdates, contact details, income and other financial information may have been accessible.

The SBA said in the letter there is no evidence to suggest any personal information was misused, but the agency said Tuesday it would offer anyone potentially affected a year of free credit monitoring.