SBA Data Breach Highlights a Need for High-level Customer Security

May 18th, 2020   |     |  culture and news, security & compliance

The Small Business Association (SBA) recently revealed a data breach discovered in late March that may have exposed the personal information of nearly 8,000 small business owners.

As a response to the COVID-19 outbreak, the SBA is offering two types of loans for small businesses, the Economic Injury Disaster Loans (EIDL) and the Paycheck Protection Program loans (PPP). Only the EIDL applicants were affected by this breach, and those whose information was accessed should receive a paper letter with information on next steps.

According to a spokesperson from the SBA, the problem was due to a misconfigured web cache. When applicants using the portal hit the back button, they may have been able to see the previous applicant’s information. While the SBA has stated that there’s no evidence of misuse of the exposed information, they’re offering free credit monitoring through ID Experts for a year to all potential victims. They’ve also fixed the problem and relaunched the corrected version of the site.

Breached information likely included applicants’ names, Social Security numbers, addresses, birth dates, emails, marital status, citizenship status, household size, disclosure inquiry, and financial and insurance information.

You and Your Customers’ Security

Every time you enter your personal credentials into a website, you’re trusting that this information is protected somehow. While there are a number of best practices for securing personal data, many companies take insufficient measures to safeguard your data, potentially exposing your private information.

OneLogin can help you avoid potentially exposing your customers’ personal information through our Customer Identity and Access Management (CIAM). CIAM is a part of the Identity and Access Management (IAM) world that focuses specifically on managing customer identities and controls customer access to a company’s website or app.

If you’re considering implementing a CIAM for your company’s website, your big priorities should be simplicity, security, reliability, and API-first.

Simplicity

A simple registration process is quick and easy with a low bar to entry. Users should be able to easily gain access to the information they need and reset their own passwords easily in as few steps as possible.

By using social sign-on and adaptive multi-factor authentication (MFA), CIAM bypasses the need for your users to come up with yet another unique password for your site(s). It also gives you cleaner identity data on your customers and offers a more seamless user experience for them.

Security

Your CIAM platform needs to provide secure login access while ensuring that bad actors are unable to impersonate your users and get access to individual accounts or corporate data. This means you need multi-factor authentication.

To maintain simplicity and security without creating user fatigue, an adaptive MFA is even better. Adaptive MFA can track user patterns and notice if they’re logging into the same things all the time. If the user is following their typical patterns, then the MFA gets suppressed to avoid a cumbersome user experience.

Reliability

It is business-critical that your application is available to your users even if some sort of outage occurs. If your app is down when a customer needs access, or if your login process creates a bottleneck with high traffic, that customer will most likely go elsewhere. Any sort of outage or delay can cost the company money, so the CIAM solution you choose should be a reliable, scalable solution.

API-First

Because a CIAM solution needs to be so embedded in your application, look for vendors who have an API-first approach to their product.

Most importantly when a development team is looking for a CIAM solution they need a company that has taken an API first approach to their product. An API-First Approach means that priority in the development of the platform goes to the APIs to ensure the APIs are consistent and reusable.

Most companies understand that in order to ensure that their own employees have a secure and simple login process, an Identity and Access Management (IAM) solution is imperative and they would rarely consider trying to develop their own IAM solution. Yet, when it comes to the applications they develop for their customers that is exactly what they are often attempting to do, and thus we are all too often seeing headlines about customer accounts being breached. A CIAM solution provides an answer to this problem.

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.

View all posts by Alicia Townsend

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.

View all posts by Alicia Townsend

Secure all your apps, users, and devices