Saturday, April 21, 2007

US exposes 1000's of SSNs for years in web-accessible database

Xeni Jardin: Tens of thousands of social security numbers belonging to Americans who received loans or financial assistance from the government were exposed for years in a publicly accessible database. Snip from New York Times article:

Officials at the Agriculture Department and the Census Bureau, which maintains the database, were evidently unaware that the Social Security numbers were accessible in the database until they were notified last week by a farmer from Illinois, who stumbled across the database on the Internet.

“I was bored, and typed the name of my farm into Google to see what was out there,” said Marsha Bergmeier, president of Mohr Family Farms in Fairmount, Ill.

The first link that appeared in the search results was for her farm’s Web site. The second was for a site that she had never heard of, FedSpending.org, which provides a searchable database of federal government expenditures. The site uses information from the Census database.

Ms. Bergmeier said she was able to identify almost 30,000 records in the database that contained Social Security numbers. “I was stunned,” she said. “The numbers were right there in plain view in this database that anyone can access.”


Reader comment: Gabriela says,

I saw your post on BoingBoing about the USDA privacy breach that The New York Times reported and wanted to let you know The Sunlight Foundation just unveiled a new project -- Real Time Investigations -- that also had exclusive coverage of this story and blogged about it moments before the Times piece ran.

Real Time Investigations is an open source journalism effort that reveals the behind-the-scenes research involved in petitioning the federal government to make its information more accessible to citizens, constituents and journalists. We first learned of the extraordinary privacy breach by the USDA when a user of FedSpending.org, an online database of government spending created by OMB Watch and funded by us last year, reported it to OMB Watch late last week.