Small Business Administration (SBA) Breached, Thousands of Owners’ Data at Risk

Small Business Administration (SBA) Breached, Thousands of Owners' Data at Risk

The Small Business Administration (SBA), a branch of the federal government, disclosed that almost 8,000 business owners may have suffered in a data breach. The breach affected owners applied for a loan, a common occurrence in the coronavirus era. The nature of breach proves unusual, in that it appears a configuration issue not caused by the cloud. 

ALERT: Our Buyer’s Guide for SIEM helps you evaluate the best solutions for your business use case and features profiles of the leading profiles, as well as a category overview of the marketplace and Bottom Line Analysis.

According to a statement given to CNBC by the Trump Administration, the security incident occurred in the Economic Injury Disaster Loans program website; the program was recently expanded in the CARES Act. If a small business owner logged into the loan application portal and attempted to go back to a previous page, they would see the information of the last business owner to log in, not their own data. 

The SBA discovered the breach in late March and notified affected users. The breach potentially exposed information including Social Security numbers, addresses, dates of birth, and financial data. At the time of writing, it does not yet appear the exposed data has been misused. Additionally, the SBA fixed the exposure problem; they also relaunched the site and offered one year of free credit monitoring for the affected. 

However, this security incident once again highlights the cybersecurity challenges facing enterprises that suddenly need to scale. The SBA website needed to suddenly expand in the wake of more loan requests as a result of the coronavirus and could not do so in a secure manner. Unfortunately, your enterprise may not enjoy the luxury of scaling according to a time table. A surge in business could actually prove a double-edged sword without the right cybersecurity.  

Instead of letting this happen to your enterprise, you need to embrace full next-generation cybersecurity and SIEM. Our Buyer’s Guide can help.   

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner