Small Business Owners Should Watch Out the PII Exposure While Applying for COVID-19 Relief

Incident Response Retainer and IR Readiness for building cyber resilience and mitigate data breach impact, contain malware and data breach response.

A survey of U.S. small businesses showed that 43% of companies said that if they could not obtain rapid cash injection or the economic situation could not be improved quickly, they might be closed permanently within six months. The survey also shows that 24% of small businesses have been temporarily closed, and 40% of small businesses that are still in operation said they may have to temporarily close in the next two weeks. Among the 500 small businesses surveyed, 43% said they would not survive without some government assistance and changes in economic conditions; 46% said that the economy needs 6 months to a year to recover. 54% of the companies surveyed said the status of the U.S. economy was “poor”. The survey also shows that more than half of the companies (56%) said that direct cash payment is the best way to rescue, and 30% of companies prefer loans from the Small Business Administration (SBA).

However, small businesses’ applications for COVID-19 relief may expose the Personal Identity Information (PII). According to SBA spokeswoman Carol Wilkerson, “PII of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on loan application site. We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal. SBA continues to process applications submitted via email, paper, and online.” An industry source looking for loan relief said the website had been functioning in the days prior to March 25, when he noticed the site was down.

Because of the disruptions caused by COVID-19, the SBA’s economic disaster loan program is offering up to $2 million to every qualified enterprise. The cause of the data exposure at SBA, why the PII may have been exposed and what types of data were affected, and for how long it occurred, was not immediately clear. Nevertheless, an SBA official claimed that the agency had begun notifying those who may have had their PII compromised and offering a-year-long free credit monitoring. An increasing number of Americans are turning to federal websites for crucial information on the coronavirus, raising the stakes for those websites’ security and privacy protections.

LIFARS’ interactive training modules deliver stimulating and engaging learning experiences to your employees, equipping them with the tools and resources they need to be successful active participants in the cybersecurity process. LIFARS provides highly focused skill training and practical experience to address the cyber workforce security needs for your organization. Our program is a flexible curriculum in scope, length, and content to suit the particular needs of our clients. Training can be administered in half-day, full-day, or multiple-day training sessions; online or on-premises sessions. We specialize in the following areas:

  • Incident Response Training
  • Technical Training
  • User Awareness Training
  • Executive Training
  • Other additional cybersecurity training options upon your request

The training curriculum is designed solemnly on the needs of our clients. Creating a more wholesome and qualitative experience. We include real-world examples and provide use cases and practical hands-on exercises to our program attendants to create a more intuitive experience for trainees to master the topic.


Contact LIFARS Immediately For

Mitigating Cyber Risks in Your Organization