USDA Admits Exposing 26 Years Of Social Security Numbers

As many as 150,000 people have had their ID numbers exposed from an online database, one savvy farmer discovered.
The Social Security numbers of about 150,000 people may be at risk for identity theft after it was discovered that a government agency has exposed the personal identifying information on farmers and others for the last 26 years.

The U.S. Department of Agriculture announced Friday that it had inadvertently exposed online sensitive information, such as names and Social Security numbers, in a publicly available database. The database has existed since 1981 and the information has been exposed ever since it was put online, according to Terri Teuber, director of communications for the USDA.

Teuber said in an interview with InformationWeek that she's not sure when the database went online.

At the moment, the database contains information on 47,000 people who receive USDA funding from the Farm Services Agency and the USDA Rural Development agency, according to an advisory. USDA has identified between 105,000 and 150,000 individuals whose private information has been entered into the federal database at some time during the past 26 years.

The Department of Agriculture is notifying all of them about the exposure and is offering them one year of free credit monitoring.

Teuber said no one in the agency realized that the identifying information was in the publicly available database. "It's been downloaded thousands of times," she said. "It's been available for anyone to download. It's out there."

She added that different organizations actually downloaded the database and then featured it on their own Web sites. OBM Watch, a nonprofit organization that keeps an eye on government spending, had the database up on its Web site, but it has been taken down.

"This gross negligence on the part of the federal government is unacceptable," Gary D. Bass, executive director of OMB Watch, said in a written statement. "What appears to be a longstanding violation of federal law needs to be fixed without delay to protect the privacy rights of our citizens, and new identifiers need to be immediately generated to replace the current data to maintain the public's ability to track and review the government's spending of tax dollars. This fix is not technically difficult to accomplish and should be done immediately."

Teuber said the agency became aware of the data breach on April 13 after a farmer was researching the name of her farm on the Internet and stumbled upon the information. The woman is a recipient of USDA funding. Teuber said the identifying information was removed the day the woman called to notify the department.

Any USDA funding recipients who want to take advantage of the free credit monitoring can go to the Web site.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing