Data Breach Revealed at USDA Web Site
STEVE INSKEEP, host:
Federal authorities are working out the details of what happened that led to a data breach at a federal agency, this time involving the agriculture department.
A spokeswoman says that for years the agency had posted the Social Security numbers of more than 60,000 people in a public database. Information was taken down last week after a complaint from a private citizen.
NPR's Allison Keyes explains.
ALLISON KEYES: The Social Security numbers belong to 63,000 people who received agriculture department grants. They have been posted on the Web since 1996 on a public Web site maintained by the U.S. Census Bureau. The census bureau collects and posts the grants made by 33 federal agencies.
The information was also on fedspending.org. The latter is owned by a nonprofit watchdog group which monitors the White House Office of Management and Budget and keeps a searchable listing of federal government expenditures. An Illinois farmer, Marcia Bergmire(ph), discovered the posting earlier this month when she searched her farm on Google.
The first hit was her farm's Web site. The second was the Fed spending Web site, which had posted the agriculture grants. But the grant's 15-digit identifying numbers included each recipient's nine-digit Social Security number. The next day, Bergmire called everyone, her congressman, the agriculture department, the census bureau and the private Web site. And the information was removed on April 13th.
A spokeswoman from the agriculture department says it's sending registered mail to 150,000 grant recipients who have been part of the public database since 1981 but says some names are listed more than once. So far there is no evidence of the information that's been used improperly.
But privacy experts note that the government database has been used by everyone, from federal and state agencies to journalists, for two decades, and they say the removal of the information from the Internet may not be enough. This is the latest in a string of data breaches at federal agencies in the past few years.
Allison Keyes, NPR News, Washington.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.