News Release


Statement: SBA data breach puts business owners at risk of ID theft and other fraud

For Immediate Release

WASHINGTON -- The Small Business Administration (SBA) announced Tuesday that the personal information of nearly 8,000 business owners applying for federal disaster loans had been exposed. The breach affects applicants to the Economic Injury Disaster Loan program (EIDL), and may have included names, Social Security numbers, addresses, birth dates, email addresses, phone numbers, citizenship statuses and insurance information.

Mike Litt, U.S. PIRG Education Fund Consumer Campaign director, issued the following statement in response:

“Business owners who applied for these emergency loans are going through a lot already. The last thing they need is to have to worry about fraud. This isn’t just a ‘watch out for phishing’ data breach. The SBA’s data breach now puts these applicants at risk of identity theft, Social Security benefits fraud, tax refund fraud, medical services fraud, and possibly insurance fraud. 

“Offering a free year of credit monitoring isn’t enough. The SBA needs to clearly explain to those exposed in this breach that they are at risk, spell out what they can do to protect themselves, and above all, make sure this doesn’t happen again.

“With just your name and Social Security number, an ID thief can open a new credit account in your name. Credit monitoring will only alert people after a fraudulent account has been opened. The best way to prevent a fraudulent account from being opened in the first place is by getting free credit freezes at the national credit bureaus. 

“Because birth dates were also exposed, applicants affected by this breach are also at risk of Social Security benefits, tax refund and medical services fraud. Also, depending on what insurance information was exposed, people might also be at risk of insurance fraud.”

U.S. PIRG Education Fund recommends the following steps for these types of fraud:

  • Health Care Services/Medical Benefits Fraud: Sign up for online accounts with your health care and insurance providers to periodically check for any fraudulent services on your statements.

  • Phishing Scams: Ignore unsolicited requests for information by email, links, phone calls, pop-up windows or text messages.


U.S. PIRG (Public Interest Research Group) Education Fund, is an independent, non-partisan group that works for consumers and the public interest. Through research, public education and outreach, we serve as counterweights to the influence of powerful special interests that threaten our health, safety or well-being.

Support us

Your tax-deductible donation supports U.S. PIRG Education Fund’s work to educate consumers on the issues that matter, and the powerful interests that are blocking progress.

Learn More

You can also support U.S. PIRG Education Fund’s work through bequests, contributions from life insurance or retirement plans, securities contributions and vehicle donations. 

U.S. PIRG Education Fund is part of The Public Interest Network, which operates and supports organizations committed to a shared vision of a better world and a strategic approach to social change.