Small Business Administration Exposes Personal Data of 7,000 COVID-19 Relief Applicants

The personal data of 7,000 small business owners applying for COVID-19 relief was recently exposed in a Small Business Administration data breach. Names, social security numbers, and financial details were made accessible to other users of the SBA’s disaster loan website. Recent data breaches have highlighted the need for stronger data protection laws. EPIC has urged Congress to update federal privacy law and to investigate whether systems adopted in response to the pandemic safeguard the privacy of Americans. In 2018, EPIC argued in response to the OPM data breach that "when personal data is collected by a government agency, that agency has a constitutional obligation to protect the personal data it has obtained."