Research

The SBA Breach - Why Breaches Increase During Crisis

Written by Reflare Research Team | Apr 28, 2020 5:32:00 PM

The EIDL system had been breached for approximately five and a half hours. During this time, hackers gained access to sensitive business-related information.

First Published 28th April 2020

Covid is a convenient distraction that attackers are taking advantage of.

4 min read  |  Reflare Research Team

The American Small Business Administration (SBA) announced a breach last week. Those affected are businesses that applied for an Economic Injury Disaster Loan (EIDL) to soften the impact of the ongoing COVID-19 crisis. In this briefing, we will take a look at what happened in this specific case and why breaches tend to increase in frequency during times of crisis.

What happened?

On April 21st, 2020, the SBA announced that it had discovered a breach in its systems on March 25th, 2020. The breach occurred in the EIDL application system and was promptly fixed. Data affected is reported to include Social Security numbers, income amounts, names, addresses, and contact information. The SBA has not released any further information on the breach or why it did not inform the public of the incident for 34 days.

What is the likely impact?

While the exact scope of the breach is unclear, employees and owners of businesses that recently applied for EIDL are now likely to be at an increased risk of identity theft. The SBA has offered free identity protection services to all affected entities. Overall, we expect the impact to be minor in terms of criminal activity.

However, since the COVID-19 crisis is growing increasingly politicized, a political fallout stemming from the breach cannot be ruled out.

Why are there more breaches in times of crisis?

Several factors play a part. For one, crises usually require some sort of emergency response. The systems built for such a response are usually developed on very short timelines and with very high pressure with little if any time allocated to testing and auditing. This increases the likelihood of bugs making it into the code.

At the same time, criminal behaviour is partially driven by poverty. As a crisis puts more people under economic duress, the number of people potentially willing to perform cyber-attacks increases.

Lastly - the pressures that arise in times of crisis can make some people think less rationally, and thereby make them more susceptible to scams.