The Personally Identifiable Information (PII) of 7,913 business owners who applied for an Economic Injury Disaster Loan may have been exposed to other applicants on the application site. Potentially exposed information includes Social Security numbers, addresses, dates of birth, and financial data, among other credentials. At this time, there is no evidence that this information has been misused.

The portal has since been fixed and the site has re-launched. Further, affected businesses have been offered a year of free credit monitoring. In the wake of a breach, it is important that companies offer the victims identity protections services. However, according to 4iQ’s 2019 Identity Protection & Data Breach Survey, more than half of respondents did not enroll in credit monitoring services offered by companies following a breach. It is apparent that many people do not see the value in these sort of services, which needs to change.