Govt Public Database Exposed SS Numbers of 63,000 People
02:07 PM, April 21st 2007
by Iuliu Blaga
An Illinois farmer discovered by accident that her name and Social Security number were displayed in plain view on a U.S. government website, FedSpending.org. She was one of about 63,000 people whose personal information was publicly displayed in connection with financial assistance from the U.S. Department of Agriculture.
The 63,000 people were awarded funds through the Farm Service Agency (FSA) or USDA Rural Development (RD).
"I was bored, and typed the name of my farm into Google to see what was out there," said Marsha Bergmeier, president of Mohr Family Farms in Fairmount, Ill.
"I was stunned," she said of the unexpected results which turned up on April 13. "The numbers were right there in plain view in this database that anyone can access."
The data was apparently pulled from the U.S. Census Bureau, and the personal information breach had apparently been going on for more than a decade. The site itself was created by OMB Watch to allow monitoring of federal spending. The 9-digit Social Security numbers were displayed because they were part of a special 15-digit federal contract identifier number.
"The bottom line is the government screwed up," said Gary Bass, executive director of OMB Watch. "What's really important is that they now try to rectify the problem. Thousands of research groups have copies of this site."
"The data field at the heart of the security problem, the Federal Award ID, is vitally important to investigators and researchers tracking specific transactions, as it is the only means for identifying a specific loan or grant," Bass said in the statement.
"For example, in order to file a Freedom of Information request about a financial transaction, the public needs to provide the Federal Award ID [which includes Social Security numbers]. Unfortunately, in response to the problem, the Census Bureau has deleted the Federal Award IDs for all FAADS records from its publicly downloadable files without any public notice about these changes and has yet to replace the information, eviscerating a key aspect of the data and lessening its value."
"Conceivably this could affect 100,000 people," Bass said. "What is harder [to determine] is how far this goes back. It could be decades. It's just that this is the first time it has been easily accessible to the public on the Web."
"It is truly astonishing that this has been happening," he said.
"We take full responsibility for this and offer no excuses for it," said Terri Teuber, a spokeswoman for the U.S. Department of Agriculture. "We absolutely do not think it was appropriate."
"There is no evidence that this information has been misused," Teuber added. "However, due to the potential that this information was downloaded prior to being removed, USDA will provide the additional [credit] monitoring service."
The matter was kept under wraps for about a week because the site was mirrored by at least a dozen other sites and the government also sought to contact all the people who could be exposed to identity theft. The Federal Privacy Act restricts the release of personal information.
The NYT notes that last year hackers illegally accessed an Agriculture Department database containing the names, Social Security numbers and photos of current and former agency employees. The Department of Energy, the Navy, the Department of Veterans Affairs, the Social Security Administration and the Internal Revenue Service also suffered various forms of data breaches last year in which personal information was lost or stolen.
Any USDA funding recipient with questions may call 1-800-FED-INFO (1-800-333-4636) or visit http://www.usda.gov/ or http://www.usa.gov. The call center operates from 8 a.m. to 8 p.m. EDT, Monday-Friday.