EXECUTIVE SUMMARY:

Social Security numbers and other personally identifiable information (PII) were left exposed on a government web portal for weeks due to a design bug associated with a system upgrade.

The Freedom of Information Act portal, foiaonline.gov, is a resource to make it easy for Americans to request information from the government. Maintained by the Environmental Protection Agency (EPA), the site allowed people to search information requests, but redacted sensitive information if the viewer wasn’t authorized to see the details. In this case, when the site was updated on July 9, the masking (or redacting) feature was missing in action. As a result, full details were accessible if a user clicked through on a particular information request.

CNN reports that at least 80 full or partial Social Security numbers were published, along with immigrant identification numbers, contact information, and other sensitive details. “In one instance, a victim of a violent crime seeking information about the case described the crime. In others, victims of identity fraud seeking more information about their cases had their Social Security Numbers exposed in the process,” writes CNN.

Nuala O’Connor, a former chief privacy officer of the Department of Homeland Security, told CNN, “These sorts of data points allow people to engage in identity theft or some kind of harassment, or other malicious behavior. It puts potentially already vulnerable people at greater risk.”

CNN alerted the government prior to releasing its findings.

Get the full story at CNN.