About 8,000 applicants for federal disaster loans may have had their personal information exposed to other users of the loan application site, the Small Business Administration said Tuesday, according to a CNN report.
SBA website leaks personal data of 8,000 small-business loan applicants https://t.co/Fy9BIMBXz0
— Fortune Tech (@FortuneTech) April 21, 2020
Expert Comments
Organisations must have a reliable Software Development Lifecycle program.
Organisations with robust security programs will benefit from security awareness training programs for all employees, including developers of software applications and websites. Within the security program, education must be provided to employees to allow them to make the appropriate security decisions to support and protect the organisation. Organisations must have a reliable Software Development Lifecycle program, where it can effectively develop and review code and also assess it for any...
Have best practices like data-centric security been traded-off to launch quickly.
It’s clear that prioritizing services to save vulnerable small businesses in a pandemic is a priority, but this exposure begs more questions about application data handling risk. Have best practices like data-centric security been traded-off to launch quickly, leading to further exposure and attack down the line? The last thing these businesses need is their identity data abuse cascading to deeper economic injury risk.
Attackers are smart, following the money, and the path of least...
It’s difficult for an affected party to really understand what the impact will be.
Initial disclosures of these kinds of breaches are often filled with qualifiers like “may” and “might have included.” It’s difficult for an affected party to really understand what the impact will be.
Government developed and deployed systems are subject to the same risks, and perhaps more, than commercial enterprises. While any breach is unfortunate, it’s especially painful when the government exposes the personal data of citizens.
There is likely plenty of blame to go around...
The SBA, on its part, will have to take all the necessary steps to restore the trust of the businesses it exists to support.
Although contained in size, this data breach is unfortunate both because of the sensitivity of the information exposed and because of the nature of the institution involved.
Information is still too limited to assess the potential impact of the incident, but despite no signs of the data being used for malicious purposes, it is still important for all the affected parties to watch out for socially engineered attacks such as spear phishing and BEC compromise. The SBA, on its part, will have to...
Chris Rothe, co-founder and chief product officer, Red Canary
Systems like the EIDL application portal that have to be rushed to production are more likely to contain security issues like this.
Software is developed by humans and they make mistakes. If they have more time to test before the software goes live, they have a better chance of avoiding issues with the functionality or security of an application.
This is essentially a repeat of what we saw with the Iowa caucus app which was built very quickly and not tested well enough before it being...