You are hereHome >
WASHINGTON -- The Small Business Administration (SBA) announced Tuesday that the personal information of nearly 8,000 business owners applying for federal disaster loans had been exposed. The breach affects applicants to the Economic Injury Disaster Loan program (EIDL), and may have included names, Social Security numbers, addresses, birth dates, email addresses, phone numbers, citizenship statuses and insurance information.
Mike Litt, U.S. PIRG Education Fund Consumer Campaign director, issued the following statement in response:
“Business owners who applied for these emergency loans are going through a lot already. The last thing they need is to have to worry about fraud. This isn’t just a ‘watch out for phishing’ data breach. The SBA’s data breach now puts these applicants at risk of identity theft, Social Security benefits fraud, tax refund fraud, medical services fraud, and possibly insurance fraud.
“Offering a free year of credit monitoring isn’t enough. The SBA needs to clearly explain to those exposed in this breach that they are at risk, spell out what they can do to protect themselves, and above all, make sure this doesn’t happen again.
“With just your name and Social Security number, an ID thief can open a new credit account in your name. Credit monitoring will only alert people after a fraudulent account has been opened. The best way to prevent a fraudulent account from being opened in the first place is by getting free credit freezes at the national credit bureaus.
“Because birth dates were also exposed, applicants affected by this breach are also at risk of Social Security benefits, tax refund and medical services fraud. Also, depending on what insurance information was exposed, people might also be at risk of insurance fraud.”
U.S. PIRG Education Fund recommends the following steps for these types of fraud:
New Account Fraud (including cell phone, credit card, loan and utilities accounts): Get credit freezes at all three nationwide credit bureaus -- Equifax, Experian, and TransUnion -- plus, the National Consumer Telecom & Utilities Exchange (NCTUE).
Tax Refund Fraud: File your taxes as soon as possible, before thieves do. Also, if you qualify, get an Identity Protection (IP) PIN.
Social Security Benefits Fraud: Sign up for your “my Social Security” (MySSA) account before thieves claim it and change your direct deposit info to route into their checking accounts.
Health Care Services/Medical Benefits Fraud: Sign up for online accounts with your health care and insurance providers to periodically check for any fraudulent services on your statements.
Phishing Scams: Ignore unsolicited requests for information by email, links, phone calls, pop-up windows or text messages.
U.S. PIRG (Public Interest Research Group) Education Fund, is an independent, non-partisan group that works for consumers and the public interest. Through research, public education and outreach, we serve as counterweights to the influence of powerful special interests that threaten our health, safety or well-being.
Your tax-deductible donation supports OSPIRG Foundation’s work to educate consumers on the issues that matter, and the powerful interests that are blocking progress.
You can also support OSPIRG Foundation’s work through bequests, contributions from life insurance or retirement plans, securities contributions and vehicle donations.