Saturday, April 21, 2007

U.S. Database Exposed Social Security Numbers

The Agriculture Department for years publicly listed Social Security numbers of tens of thousands of people who received financial aid from two of its agencies, raising concerns about identity theft and other privacy violations. Officials at the department and at the Census Bureau, which maintains the database where the personal information was listed, were evidently unaware that it contained Social Security numbers. The problem was reported to the government last week by a farmer in Illinois who stumbled across the data on the Internet. “I was bored and typed the name of my farm into Google to see what was out there,” said Marsha Bergmeier, president of Mohr Family Farms in Fairmount, Ill. The first link in the results was to the Web site of Ms. Bergmeier’s farm. The second was to a site that Ms. Bergmeier had not heard of, FedSpending.org, which has a searchable listing of federal government expenditures. It uses information from the government database. Ms. Bergmeier said she was able to identify almost 30,000 records in the database that contained Social Security numbers. “I was stunned,” she said. “The numbers were right there in plain view in this database that anyone can access.” While there is no evidence that the information has been used improperly, officials at the Agriculture Department and the Census Bureau removed the numbers from the census Web site last week. Marc Rotenberg, executive director of the Electronic Privacy Information Center, a privacy rights group, said the improper disclosures might have violated the Federal Privacy Act, which restricts the release of such personal information. “Federal agencies are under strict obligations to limit the use of Social Security numbers as an identifier,” Mr. Rotenberg said. “It doesn’t look like that’s what happened in this case.” The Department of Energy, the Navy, the Department of Veterans Affairs, the Social Security Administration and the Internal Revenue Service also suffered data breaches last year where personal information was lost or stolen....

No comments: