Small Business Administration (SBA) Breached, Thousands of Owners’ Data at Risk
The Small Business Administration (SBA), a branch of the federal government, disclosed that almost 8,000 business owners may have suffered in a data breach. The breach affected owners applied for a loan, a common occurrence in the coronavirus era. The nature of breach proves unusual, in that it appears a configuration issue not caused by the cloud.
According to a statement given to CNBC by the Trump Administration, the security incident occurred in the Economic Injury Disaster Loans program website; the program was recently expanded in the CARES Act. If a small business owner logged into the loan application portal and attempted to go back to a previous page, they would see the information of the last business owner to log in, not their own data.
The SBA discovered the breach in late March and notified affected users. The breach potentially exposed information including Social Security numbers, addresses, dates of birth, and financial data. At the time of writing, it does not yet appear the exposed data has been misused. Additionally, the SBA fixed the exposure problem; they also relaunched the site and offered one year of free credit monitoring for the affected.
However, this security incident once again highlights the cybersecurity challenges facing enterprises that suddenly need to scale. The SBA website needed to suddenly expand in the wake of more loan requests as a result of the coronavirus and could not do so in a secure manner. Unfortunately, your enterprise may not enjoy the luxury of scaling according to a time table. A surge in business could actually prove a double-edged sword without the right cybersecurity.
Instead of letting this happen to your enterprise, you need to embrace full next-generation cybersecurity and SIEM. Our Buyer’s Guide can help.
Widget not in any sidebars