150,000 Exposed in Long-Term Database Bungle

By Greg McNevin

April 23, 2007: The US Department of Agriculture (USDA) is in damage control after announcing on Friday that it has inadvertently been exposing the Social Security numbers of potentially 150,000 farmers on its website for an unknown number of years.

The details were stored in a federal database that was created in 1981, made public when it was put online as part of the department’s website. It is unknown when the database was put online which, according to informationweek.com, opens up the possibility that between 105,000 and 150,000 people have had their details exposed.

What’s worse, is that the database has already been downloaded thousands of times with some organisations even mirroring it on their own websites.

“This gross negligence on the part of the federal government is unacceptable,” writes Gary Bass, executive director of OMB Watch, in a statement on the group’s website. “What appears to be a longstanding violation of federal law needs to be fixed without delay to protect the privacy rights of our citizens.”

The USDA was notified of the problem on the 13th of April after being notified by a farmer who came across the information researching her own farm. At that point, the database held the details of 47,000 people who receive funding from the Farm Services Agency and the USDA Rural Development agency.

The incident shows just how easy it is for a mistake to have far reaching consequences in the online world, and highlights the fact that haphazard handling of private information is not all that dissimilar to playing Russian roulette with your credibility.

The USDA is offering “free credit monitoring services” as one recourse to those inadvertently involved. Those affected would no doubt have been happier with an ounce of prevention though.

Comment on this story