USDA Admits Exposing 26 Years Of Social Security Numbers
As many as 150,000 people have had their ID numbers exposed from an online database, one savvy farmer discovered.
The Social Security numbers of about 150,000 people may be at risk for identity theft after it was discovered that a government agency has exposed the personal identifying information on farmers and others for the last 26 years.
The U.S. Department of Agriculture announced Friday that it had inadvertently exposed online sensitive information, such as names and Social Security numbers, in a publicly available database. The database has existed since 1981 and the information has been exposed ever since it was put online, according to Terri Teuber, director of communications for the USDA.
Teuber said in an interview with InformationWeek that she's not sure when the database went online.
At the moment, the database contains information on 47,000 people who receive USDA funding from the Farm Services Agency and the USDA Rural Development agency, according to an advisory. USDA has identified between 105,000 and 150,000 individuals whose private information has been entered into the federal database at some time during the past 26 years.
The Department of Agriculture is notifying all of them about the exposure and is offering them one year of free credit monitoring.
Teuber said no one in the agency realized that the identifying information was in the publicly available database. "It's been downloaded thousands of times," she said. "It's been available for anyone to download. It's out there."
She added that different organizations actually downloaded the database and then featured it on their own Web sites. OBM Watch, a nonprofit organization that keeps an eye on government spending, had the database up on its Web site, but it has been taken down.
"This gross negligence on the part of the federal government is unacceptable," Gary D. Bass, executive director of OMB Watch, said in a written statement. "What appears to be a longstanding violation of federal law needs to be fixed without delay to protect the privacy rights of our citizens, and new identifiers need to be immediately generated to replace the current data to maintain the public's ability to track and review the government's spending of tax dollars. This fix is not technically difficult to accomplish and should be done immediately."
Teuber said the agency became aware of the data breach on April 13 after a farmer was researching the name of her farm on the Internet and stumbled upon the information. The woman is a recipient of USDA funding. Teuber said the identifying information was removed the day the woman called to notify the department.
Any USDA funding recipients who want to take advantage of the free credit monitoring can go to the USA.gov Web site.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.