Please Note

The Washington Post is providing this important information about the coronavirus for free. For more free coverage of the coronavirus pandemic, sign up for our Coronavirus Updates newsletter where all stories are free to read.

The personal information of thousands of small businesses applying for federal disaster loans was potentially exposed to other applicants, marking the latest glitch in the rollout of government programs designed to help companies crippled by the coronavirus pandemic.

Nearly 8,000 applicants to the Economic Injury Disaster Loan program (EIDL) — a long-standing program run by the Small Business Administration (SBA) — may have been affected. In a statement, the SBA said that it “immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal.”

The emergency relief program typically issues loans to small businesses recovering from tornadoes and wildfires. But last month, the SBA expanded the program to include those hit by the coronavirus’s unprecedented economic fallout. EIDL funds are separate from the Paycheck Protection Program, which the White House and congressional leaders have been scrambling to replenish after its first round of funding ran out.

The SBA discovered March 25 that personal information might have been inadvertently disclosed, according to a letter sent by the SBA and shared with The Washington Post by Covid Loan Tracker, a community of 17,000 small-business owners tracing information on government loans. Personal information may have included names, Social Security numbers, addresses, birth dates, email addresses, phone numbers, citizenship status and insurance information. The letter, dated April 13, said there were no signs that the information had been misused.

The SBA did not immediately answer questions about how long the breach lasted or how it was discovered. Businesses that may have been affected were notified by the SBA and offered one free year of credit monitoring.

Even before the data issue, the EIDL program was crushed by a flood of applications that strained allocated funding and kept businesses waiting weeks, rather than days, for money. The loans are primarily meant to help small businesses cover rent or other expenses before larger loans come their way, and are designed to be disbursed within three days of an application.