The emergency relief program typically issues loans to small businesses recovering from tornadoes and wildfires. But last month, the SBA expanded the program to include those hit by the coronavirus’s unprecedented economic fallout. EIDL funds are separate from the Paycheck Protection Program, which the White House and congressional leaders have been scrambling to replenish after its first round of funding ran out.
The SBA discovered March 25 that personal information might have been inadvertently disclosed, according to a letter sent by the SBA and shared with The Washington Post by Covid Loan Tracker, a community of 17,000 small-business owners tracing information on government loans. Personal information may have included names, Social Security numbers, addresses, birth dates, email addresses, phone numbers, citizenship status and insurance information. The letter, dated April 13, said there were no signs that the information had been misused.
The SBA did not immediately answer questions about how long the breach lasted or how it was discovered. Businesses that may have been affected were notified by the SBA and offered one free year of credit monitoring.
Even before the data issue, the EIDL program was crushed by a flood of applications that strained allocated funding and kept businesses waiting weeks, rather than days, for money. The loans are primarily meant to help small businesses cover rent or other expenses before larger loans come their way, and are designed to be disbursed within three days of an application.