Womply The Record

Fact sheet · the documented record

Womply gave government investigators data on roughly 1.5 million PPP loan applications.

From 2021 to 2024, Womply answered legal process (grand jury subpoenas, civil investigative demands, search warrants, and records requests) from 48 federal, state, and local agencies investigating PPP fraud. In one May 2021 export it gave the Department of Homeland Security identity and IP data covering about 1.47 million applications. Every figure below is counted from Womply’s own production files.

~1.47M
Distinct loan applications Womply provided data on.
2.9M
Total data records produced to government.
48
Agencies & offices that received Womply records.
370+
Separate productions answering legal process.
40+
Data fields per application record produced.
Largest single production U.S. Department of Homeland Security: bulk data export
May 5, 2021
2,893,890
identity / IP records
1,474,108
distinct loan applications

A single 258 MB export pairing each application with its identity-verification inquiry and the IP addresses and countries seen during sign-up: the kind of data investigators use to map fraud rings. One production, to one agency, that by itself covers well over a million applications.

Who received Womply’s data

From 2021 to 2024 Womply answered legal process from at least 48 federal, state, and local agencies investigating PPP fraud, in more than 370 separate productions of court-admissible records.

Federal: law enforcement & inspectors general

FBI · DOJ U.S. Attorney’s Offices · U.S. Postal Inspection Service · Homeland Security (DHS) · U.S. Secret Service · U.S. Trustee Program · IRS · SBA Office of Inspector General · Dept. of Labor · Treasury · Defense — DoD, Army, Air Force · HUD OIG · Social Security Admin. · ATF · FDIC · DEA · State Dept. · Veterans Affairs · EPA · USDA · HHS · CIGIE

Federal: regulator, legislative & other

Federal Reserve · U.S. Senate Permanent Subcommittee on Investigations · Amtrak

State & local: 21 agencies across 10+ states

Georgia Attorney General · Cook County, IL · Las Vegas Metro PD · Chicago PD · Kansas City PD · Sacramento County SO, CA · Delray Beach PD, FL · Burlington & Essex County, NJ · Will / DuPage / Joliet / Steger, IL · Collier & Walton County, FL · and more

Types of legal process answered Grand jury subpoenas · Civil investigative demands (CIDs) · Federal criminal / trial subpoenas · Search warrants · State & local subpoenas · Agency records requests

What each production contained

A typical subpoena response was a complete, self-authenticating package, built so prosecutors could put it straight into evidence:

  • The legal process: the subpoena, CID, or warrant.
  • Summary of search results for the named targets.
  • IP-address history tied to the applications.
  • Application data export: the 40+ fields below.
  • Application documents & uploads applicants submitted.
  • Communications records.
  • Sworn Certification of Records: court-admissible business records.

Application-data fields produced (40+ per record)

Each application record carried more than forty fields across five categories, far more than a typical loan file:

LoanSBA loan number, amount, draw type, lender, deal stage, submitted-to-SBA & funded dates
ApplicantName, date of birth, address, phone, email
BusinessDBA / trade name, address, tax ID (EIN), NAICS code
DemographicsVeteran status, gender, ethnicity, race
BankingACH routing number, ACH account number

More data than most lenders collected

Because Womply was a technology platform rather than a lender, it captured far more than a standard loan file. Alongside the loan paperwork it held each applicant’s identity-verification inquiries, the IP addresses and countries seen at sign-up, device and timestamp histories, and every document uploaded — the 40+ fields above. Most lenders never collected data at that depth.

That granularity is what made fraud visible. A single application can look clean on its own; organized rings only stand out across thousands of records: shared IP addresses, reused identities, common devices. It is how Womply flagged its first coordinated fraud ring, identified 13,798 loans tied to compromised identities, and could hand investigators data structured to map fraud across the program.

That same depth is what made the records hold up in court. Federal prosecutors in more than ten districts introduced Womply’s records as certified business records, authenticated alongside the SBA and major banks, with no defense challenging their reliability, and in one trial the login and upload logs disproved a defendant’s sworn testimony that he “didn’t fill out anything.”

Source: Womply’s “Government Data Sharing” archive, counted directly from the files (June 2026). The 258 MB DHS export was downloaded and parsed in full (2,893,890 rows; 1,474,108 distinct application references); the ~370 subpoena productions were tallied matter-by-matter (~24,000 detailed records, overlapping the DHS set). Figures are records produced. Privacy: aggregate only — to respect grand-jury secrecy (Fed. R. Crim. P. 6(e)) and borrower privacy, no individual investigations, targets, or applicant data are reproduced.

Overview: Womply & the government → The full dated 2020–2021 timeline & source notes → Download a printable one-page PDF →
← Back to the full documented record

Read more of the record

Womply & the government → How Womply reported fraud and supported federal investigations. How Womply screened for fraud → The multi-vendor identity and document checks behind the platform. The $117.9M arbitration award → How an arbitrator upheld Womply’s fees and rejected a $420M clawback.