8,000 small businesses notified that they may have had information exposed on SBA’s portal

Nearly 8,000 small businesses that applied for the Small Business Administration’s (SBA) Economic Injury Disaster Loan (EIDL) program had their information exposed to other applicants on the agency’s loan application site.

“Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicant’s on SBA’s loan application site,” a senior administration official told CNBC. “We immediately disabled the impacted portion of the website, addressed the issue and relaunched the application portal.”

The EIDL program is different from the Paycheck Protection Program (PPP). The PPP requires small businesses to work with banks and credit unions to access the money, but the EIDL program is a direct loan that businesses apply for from the SBA. The loan can be up to $10,000 and doesn’t have to be paid back.

CNBC’s Kate Rogers reported that the SBA notified all of the affected businesses and offered them a year of free credit monitoring. The agency said that there isn’t any evidence of an attempt to misuse the data that was leaked.

The loan program will receive $50 billion of additional funding in the latest stimulus package that was finalized Tuesday.