Cybersecurity Threat Actors Target Data of Businesses Seeking Economic Relief

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP

Cybersecurity threat actors are targeting information of businesses seeking assistance during this time of crisis. For example, last week the Small Business Administration (SBA) reported a suspected data breach, affecting close to 8,000 applicants to the Economic Injury Disaster Loan Program. The SBA said that the personal information of more than 7,913 business owners who applied for disaster loans was possibly seen by other applicants. The data breach comes as the SBA is grappling with a sharp increase in phishing emails that are using the SBA’s name claiming to offer relief for small businesses. Currently, the SBA is unable to accept new applications for the Economic Injury Disaster Loan, based on available appropriations funding.

The FBI has warned of increased cyberattacks and fraud schemes related to COVID-19. Business email compromise is also anticipated to rise as a result of the pandemic, with more than 1200 complaints already reported to the FBI related to COVID-19 fraud. As companies have shifted to remote work, they should adopt heightened cybersecurity protections, as suggested by the FBI:


  • Select trusted and reputable telework software vendors; conduct additional due diligence when selecting foreign-sourced vendors.
  • Restrict access to remote meetings, conference calls or virtual classrooms, including the use of passwords if possible.
  • Beware of social engineering tactics aimed at revealing sensitive information. Make use of tools that block suspected phishing emails or allow users to report and quarantine them.
  • Beware of advertisements or emails purporting to be from telework software vendors.
  • Always verify the web address of legitimate websites or manually type it into the browser.


  • Share links to remote meetings, conference calls or virtual classrooms on open websites or open social media profiles.
  • Open attachments or click links within emails from senders you do not recognize.
  • Enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) unless absolutely needed.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Written by:

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.