As if small businesses didn't have enough trouble, the Small Business Administration has notified nearly 8,000 businesses that their information may have been exposed to other businesses via the agency's website.
The application portal for Economic Injury Disaster Loans is the culprit, as CNBC's Kate Rogers reported Tuesday. She also reported that the SBA learned of the problem on March 25.
The Economic Injury Disaster Loans program existed before the coronavirus crisis, but the CARES Act passed by Congress to bolster the economy infused it with more money and established $10,000 advance Economic Injury Disaster Loans grants for businesses hit by the coronavirus.
Unlike the $349 billion Paycheck Protection Program created in the CARES Act to boost small businesses, applicants apply for EIDL directly through SBA, rather than banks.
"We immediately disabled the impacted portion of the website, addressed the issue, and relaunched" the application portal, an SBA spokesperson told NPR in an emailed statement. The SBA said that "personal identifiable information" of the businesses was exposed, but it did not respond to further questions on the nature of the data or what caused the data exposure.
The news comes after weeks of criticism of the SBA's small business assistance programs for coronavirus. Late guidance, technical difficulties and massive demand meant businesses had delays in accessing PPP loans.
Many businesses also missed out on the funds. The PPP and EIDL programs both ran out of money last week, and Congress has been working to agree on how to appropriate more money to both.