Lawmakers call for answers on SBA data breach – FCW
Lawmakers Call for Answers on SBA Data Leak
Despite an issue that made headlines, the Small Business Administration had planned in advance to create technology tools to support legislative mandates for emergency business loans.
Lawmakers are seeking more information about the leakage of personally identifiable information of thousands of loan seekers through the Small Business Administration during the coronavirus pandemic.
Meaning. Ben Cardin (D-Md.) And Marco Rubio (R-Fla.) And Rep. Nydia Velazquez (DN.Y.) wrote to SBA Administrator Jovita Carranza on April 23 seeking “a full account” of an incident in which personal data, including income and social security numbers of at least 8,000 loans in the event of an economic disaster, were exposed.
SBA confirmed Press articles that EIDL applicants may have seen some of their data exposed to other applicants. An administration official told CNBC that “we immediately disabled the impacted portion of the website, fixed the issue, and relaunched the app portal.”
A Twitter user posted a copy of the SBA letter of April 17, according to which the “inadvertent disclosure” of PII was discovered on March 25.
SBA technical officials had little time to build apps to handle the early crash of applicants for a number of financial aid programs, including the EIDL and the website to help small businesses apply. paycheck protection funding – forgivable loans that encourage companies to retain employees during the current crisis.
“We had to build things up quickly, including the eight-day lender route,” said Maria Roat, SBA CIO, of her efforts to support the Paycheck Protection Program.
Roat, who spoke at a virtual event hosted on April 23 by the Association of Federal Information Resource Managers, was not asked about the data breach in the EIDL portal but spoke about some of the challenges. faced by teams who need to develop technology to support new legislative parameters.
Roat said the SBA’s IT operations anticipated some of the additional tasks of the Federal Economic Support Program, but that certain details were a moving target.
For large banks, the agency leveraged its existing portal for disaster lending and PPP, she said, but the SBA also had to work with a new cadre of small and medium enterprises.
“The usual portal of the 1,800 lenders we work with was already operational,” she said as the COVID crisis progressed. SBA built the Lender Gateway for Small and Medium Businesses in eight days.
The SBA, the Treasury and other agencies expected Congress to pass a stimulus bill since March.
“There was a lot of upfront planning. We had to watch the legislation for details,” she said.
Even though the agencies knew there would be money for the PPP program and disaster loans, the agencies did not know until the legislation was approved what the lending rules were and how. money would be managed.
“Which we had to react to quickly,” she said and threw out “what ifs” scenarios in anticipation. While the SBA provides disaster loans as part of its core program activity, “what was different was the large amount of money and the way it is controlled and distributed,” said Roat.
On the security side, Roat said, the SBA has been working on geofencing portals to limit access to the United States and its territories.
In addition to external portals, she said the agency has also strengthened its internal support capabilities, with new staff to handle inbound calls and online support requests.
Mark Rockwell is a senior editor at FCW, whose Pace focuses on Acquisition, the Department of Homeland Security and the Department of Energy.
Prior to joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security, from IT to detection dogs and border security. Over the past 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide range of high-tech issues for publications such as Communications Week, Internet Week, Fiber Optics News, the tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work on telecommunications issues and is a graduate of James Madison University.